From 8f9e9f22f2d2927e0290153930bf0ead1802f087 Mon Sep 17 00:00:00 2001
From: Bruno Bernardino
Date: Sat, 26 Aug 2023 09:59:19 +0100
Subject: [PATCH] Force lowercase on email signup.
---
 pages/api/user.ts | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/pages/api/user.ts b/pages/api/user.ts
index a624339..0a5abef 100644
--- a/pages/api/user.ts
+++ b/pages/api/user.ts
@@ -23,21 +23,23 @@ import { SupportedCurrencySymbol, validateEmail } from '/public/ts/utils.ts';
 async function createUserAction(request: Request) {
 const { email, encrypted_key_pair }: { email: string; encrypted_key_pair: EncryptedData } = await request.json();
- if (!email || !encrypted_key_pair) {
+ const lowercaseEmail = (email || '').toLocaleLowerCase().trim();
+
+ if (!lowercaseEmail || !encrypted_key_pair) {
 return new Response('Bad Request', { status: 400 });
 }
- if (!validateEmail(email)) {
+ if (!validateEmail(lowercaseEmail)) {
 return new Response('Bad Request', { status: 400 });
 }
- const existingUserByEmail = await getUserByEmail(email);
+ const existingUserByEmail = await getUserByEmail(lowercaseEmail);
 if (existingUserByEmail) {
 return new Response('Bad Request', { status: 400 });
 }
- const user = await createUser(email, encrypted_key_pair);
+ const user = await createUser(lowercaseEmail, encrypted_key_pair);
 if (!user) {
 return new Response('Bad Request', { status: 400 });
@@ -68,7 +70,9 @@ async function updateUserAction(request: Request) {
 return new Response('Bad Request', { status: 400 });
 }
- if (!email && !encrypted_key_pair && !currency) {
+ const lowercaseEmail = (email || '').toLocaleLowerCase().trim();
+
+ if (!lowercaseEmail && !encrypted_key_pair && !currency) {
 return new Response('Bad Request', { status: 400 });
 }
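Review bot: The normalization line added to createUserAction, `const lowercaseEmail = (email || '').toLocaleLowerCase().trim();`, depends on the host's default locale and assumes `email` is a string. `toLocaleLowerCase()` with no argument follows the runtime locale (under a Turkish locale `I` lowercases to dotless `ı`), so the same address could normalize differently between hosts. Because the body comes straight from `request.json()`, a truthy non-string `email` would also throw on the method call rather than be rejected by the 400 branch here. I would use the locale-independent form behind a type guard, `const lowercaseEmail = typeof email === 'string' ? email.trim().toLowerCase() : '';`, and make the same change to the identical line added to updateUserAction in the `@@ -68,7 +70,9 @@` hunk. createUserAction's body continues past the end of this hunk.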
@@ -79,8 +83,8 @@ async function updateUserAction(request: Request) {
 user.extra.currency = currency;
 await updateUser(user);
- } else if (email) {
- const existingUserByEmail = await getUserByEmail(email);
+ } else if (lowercaseEmail) {
+ const existingUserByEmail = await getUserByEmail(lowercaseEmail);
 if (existingUserByEmail) {
 return new Response('Bad Request', { status: 400 });
@@ -89,7 +93,7 @@ async function updateUserAction(request: Request) {
 const verificationCode = await createVerificationCode(user, session, 'user-update');
- if (email) {
+ if (lowercaseEmail) {
 await sendVerifyUpdateEmailEmail(user.email, verificationCode);
 }
 if (encrypted_key_pair) {
@@ -100,8 +104,8 @@ async function updateUserAction(request: Request) {
 const oldEmail = user.email;
- if (email) {
- user.email = email;
+ if (lowercaseEmail) {
+ user.email = lowercaseEmail;
 }
 if (encrypted_key_pair) {
@@ -110,8 +114,11 @@ async function updateUserAction(request: Request) {
 await updateUser(user);
- if (email && (user.subscription.external.stripe || user.subscription.external.paypal) && email !== oldEmail) {
- await sendUpdateEmailInProviderEmail(oldEmail, email);
+ if (
+ lowercaseEmail && (user.subscription.external.stripe || user.subscription.external.paypal) &&
+ lowercaseEmail !== oldEmail
+ ) {
+ await sendUpdateEmailInProviderEmail(oldEmail, lowercaseEmail);
 }
 }
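Review bot: In the `@@ -79,8 +83,8 @@` hunk, `getUserByEmail(lowercaseEmail)` only guards uniqueness if every stored address is already lowercase or the lookup compares case-insensitively, and neither is visible in this patch. If accounts created before this commit kept their original casing and the lookup is an exact match, an address differing only in case would pass this check (and the same check in createUserAction) and become a second account for what is effectively the same mailbox. I would pair the change with a one-off migration that lowercases existing `email` values plus a unique constraint on the lowercased value, and add a comment above the lookup such as `// emails are stored lowercased; this lookup relies on that invariant`. Any other path that looks a user up by email (not shown here) presumably needs the same normalization. updateUserAction starts and ends outside this hunk.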