Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(auth): make login emails case-insensitive #2125

Merged
merged 5 commits into from
Jun 10, 2021
Merged

fix(auth): make login emails case-insensitive #2125

merged 5 commits into from
Jun 10, 2021

Conversation

mantariksh
Copy link
Contributor

Problem

#2084 introduced a bug where non-lowercase emails could not be used to log in to the admin dashboard.

The frontend used to mutate vm.credentials.email to lowercase at the point of sending the OTP, then use the lowercased string when subsequently verifying the OTP. This is important because the email domains in the Agencies collection are all in lowercase, so only lowercase email domains are considered to be valid. However, #2084 removed this mutation, resulting in OTP verification breaking for non-lowercase emails.

This exposes a source of bugs in the authorisation flow, namely that the backend implicitly relies on the frontend to send email strings in the correct case.

Solution

For all authorisation endpoints, lowercase email addresses at the edge of the application using Joi validation. This ensures that there is no ambiguity about the case of the string at any layer of the backend.

Breaking Changes

  • Yes - this PR contains breaking changes
    • Details ...
  • No - this PR is backwards compatible

Bug Fixes:

Login to admin dashboard is now case-insensitive for email addresses.

Tests

Integration tests were added to test the case-insensitivity of the authorisation endpoints.

Manual tests

  • Ensure that you can log in successfully to the dashboard when typing your email in uppercase.

@mantariksh mantariksh requested a review from karrui June 10, 2021 02:10
karrui
karrui approved these changes Jun 10, 2021
View reviewed changes
Copy link
Contributor

@karrui karrui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks for the catch!

@mantariksh mantariksh merged commit 3cf26b8 into develop Jun 10, 2021
@mantariksh mantariksh deleted the fix/lowercase-login-email branch June 10, 2021 03:20
@mantariksh mantariksh mentioned this pull request Jun 15, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karrui karrui karrui approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mantariksh @karrui