fix: convert all identifiers to lower case on login (#815)

Closes #814

identity/pool.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
+	"strings"
 	"testing"
 	"time"
 
@@ -394,18 +395,19 @@ func TestPool(conf *config.Provider, p interface {
 			assertEqual(t, expected, actual)
 		})
 
-		t.Run("case=find identity by its credentials case insensitive emails", func(t *testing.T) {
-			expected := passwordIdentity("", "[email protected]")
+		t.Run("case=find identity by its credentials case insensitive", func(t *testing.T) {
+			identifier := x.NewUUID().String()
+			expected := passwordIdentity("", strings.ToUpper(identifier))
 			expected.Traits = Traits(`{}`)
 
 			require.NoError(t, p.CreateIdentity(context.Background(), expected))
 			createdIDs = append(createdIDs, expected.ID)
 
-			actual, creds, err := p.FindByCredentialsIdentifier(context.Background(), CredentialsTypePassword, "[email protected]")
+			actual, creds, err := p.FindByCredentialsIdentifier(context.Background(), CredentialsTypePassword, identifier)
 			require.NoError(t, err)
 
 			assert.EqualValues(t, expected.Credentials[CredentialsTypePassword].ID, creds.ID)
-			assert.EqualValues(t, []string{"[email protected]"}, creds.Identifiers)
+			assert.EqualValues(t, []string{strings.ToLower(identifier)}, creds.Identifiers)
 			assert.JSONEq(t, string(expected.Credentials[CredentialsTypePassword].Config), string(creds.Config))
 
 			expected.Credentials = nil

persistence/sql/persister_identity.go

@@ -54,8 +54,8 @@ func (p *Persister) FindByCredentialsIdentifier(ctx context.Context, ct identity
 		IdentityID uuid.UUID `db:"identity_id"`
 	}
 
-	// Force case-insensitivity for email addresses
-	if strings.Contains(match, "@") && ct == identity.CredentialsTypePassword {
+	// Force case-insensitivity for identifiers
+	if ct == identity.CredentialsTypePassword {
 		match = strings.ToLower(match)
 	}
 
@@ -115,8 +115,8 @@ func (p *Persister) createIdentityCredentials(ctx context.Context, i *identity.I
 		}
 
 		for _, ids := range cred.Identifiers {
-			// Force case-insensitivity for email addresses
-			if strings.Contains(ids, "@") && cred.Type == identity.CredentialsTypePassword {
+			// Force case-insensitivity for identifiers
+			if cred.Type == identity.CredentialsTypePassword {
 				ids = strings.ToLower(ids)
 			}
 

selfservice/strategy/password/login_test.go

@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 	"testing"
 	"time"
 
@@ -23,10 +24,10 @@ import (
 
 	"github.com/ory/x/pointerx"
 
+	"github.com/ory/kratos-client-go/models"
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/identity"
 	"github.com/ory/kratos/internal"
-	"github.com/ory/kratos-client-go/models"
 	"github.com/ory/kratos/internal/testhelpers"
 	"github.com/ory/kratos/schema"
 	"github.com/ory/kratos/selfservice/flow/login"
@@ -520,4 +521,24 @@ func TestCompleteLogin(t *testing.T) {
 		assert.Equal(t, identifier, gjson.Get(body2, "identity.traits.subject").String(), "%s", body2)
 		assert.NotEqual(t, gjson.Get(body1, "id").String(), gjson.Get(body2, "id").String(), "%s\n\n%s\n", body1, body2)
 	})
+
+	t.Run("should login same identity regardless of identifier capitalization", func(t *testing.T) {
+		identifier, pwd := x.NewUUID().String(), "password"
+		createIdentity(identifier, pwd)
+
+		browserClient := testhelpers.NewClientWithCookies(t)
+		f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false)
+		c := testhelpers.GetLoginFlowMethodConfig(t, f.Payload, identity.CredentialsTypePassword.String())
+
+		values := url.Values{"identifier": {strings.ToUpper(identifier)}, "password": {pwd}, "csrf_token": {x.FakeCSRFToken}}.Encode()
+
+		_, res := testhelpers.LoginMakeRequest(t, false, c, browserClient, values)
+		assert.EqualValues(t, http.StatusOK, res.StatusCode)
+
+		f = testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, true)
+		c = testhelpers.GetLoginFlowMethodConfig(t, f.Payload, identity.CredentialsTypePassword.String())
+		body2, res := testhelpers.LoginMakeRequest(t, false, c, browserClient, values)
+
+		assert.Equal(t, identifier, gjson.Get(body2, "identity.traits.subject").String(), "%s", body2)
+	})
 }

test/e2e/cypress/integration/profiles/email/login/success.spec.js

@@ -27,4 +27,19 @@ context('Login Flow Success', () => {
       expect(identity.traits.email).to.equal(email)
     })
   })
+
+  it('should sign in with case insensitive identifier', () => {
+    cy.get('input[name="identifier"]').type(email.toUpperCase())
+    cy.get('input[name="password"]').type(password)
+    cy.get('button[type="submit"]').click()
+
+    cy.session().should((session) => {
+      const { identity } = session
+      expect(identity.id).to.not.be.empty
+      expect(identity.schema_id).to.equal('default')
+      expect(identity.schema_url).to.equal(`${APP_URL}/schemas/default`)
+      expect(identity.traits.website).to.equal(website)
+      expect(identity.traits.email).to.equal(email)
+    })
+  })
 })