fix: allow email to be uppercase - fix #246

openhotel · Jan 22, 2025 · af7e46b · af7e46b
1 parent bf4b0d7
commit af7e46b
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/app/client/src/shared/consts/account.consts.ts b/app/client/src/shared/consts/account.consts.ts
@@ -8,4 +8,4 @@ export const PASSWORD_MIN_LEN = 8;
 // Regex is not the appropriate way to validate email addresses, but anyway...
 // https://stackoverflow.com/a/201378
 export const EMAIL_REGEX =
-  /^(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/;
+  /^(?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-zA-Z0-9-]*[a-zA-Z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/;
diff --git a/app/server/src/modules/api/v3/account/recover-password.request.ts b/app/server/src/modules/api/v3/account/recover-password.request.ts
@@ -15,7 +15,9 @@ export const recoverPasswordPostRequest: RequestType = {
   pathname: "/recover-password",
   kind: RequestKind.PUBLIC,
   func: async (request: Request) => {
-    const { email } = await request.json();
+    let { email } = await request.json();
+
+    email = email?.toLowerCase();
 
     if (!email || !new RegExp(EMAIL_REGEX).test(email)) {
       return getResponse(HttpStatusCode.BAD_REQUEST, {

diff --git a/app/server/src/modules/api/v3/account/register.request.ts b/app/server/src/modules/api/v3/account/register.request.ts
@@ -21,7 +21,7 @@ export const registerPostRequest: RequestType = {
   pathname: "/register",
   kind: RequestKind.PUBLIC,
   func: async (request: Request) => {
-    const { email, username, password, rePassword, captchaId } =
+    let { email, username, password, rePassword, captchaId } =
       await request.json();
 
     if (
@@ -35,6 +35,8 @@ export const registerPostRequest: RequestType = {
         message: "Some input is missing or invalid captcha!",
       });
 
+    email = email.toLowerCase();
+
     if (
       !new RegExp(EMAIL_REGEX).test(email) ||
       !new RegExp(USERNAME_REGEX).test(username) ||

diff --git a/app/server/src/modules/api/v3/admin/user.request.ts b/app/server/src/modules/api/v3/admin/user.request.ts
@@ -18,14 +18,15 @@ export const userPatchRequest: RequestType = {
     if (!(await hasRequestAccess({ request, admin: true })))
       return getResponse(HttpStatusCode.FORBIDDEN);
 
-    const { accountId, username, email, createdAt, admin } =
-      await request.json();
+    let { accountId, username, email, createdAt, admin } = await request.json();
 
     if (!accountId || !username || !email || !createdAt)
       return getResponse(HttpStatusCode.FORBIDDEN, {
         message: "Some input is missing!",
       });
 
+    email = email.toLowerCase();
+
     if (
       !new RegExp(EMAIL_REGEX).test(email) ||
       !new RegExp(USERNAME_REGEX).test(username)

diff --git a/app/server/src/shared/consts/account.consts.ts b/app/server/src/shared/consts/account.consts.ts
@@ -9,4 +9,4 @@ export const PASSWORD_REGEX = /^.{8,64}$/;
 // Regex is not the appropriate way to validate email addresses, but anyway...
 // https://stackoverflow.com/a/201378
 export const EMAIL_REGEX =
-  /^(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/;
+  /^(?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-zA-Z0-9-]*[a-zA-Z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$/;