From ad9009afa16f02dadac0367aaa8afafdc9d573a9 Mon Sep 17 00:00:00 2001 From: Julien Gautier Date: Mon, 27 Apr 2026 01:26:38 +0200 Subject: [PATCH] fix(auth): replace normalizeEmail with toLowerCase to prevent Gmail dot-stripping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit normalizeEmail() transforms e.g. user.name@gmail.com → username@gmail.com (removes dots per Gmail aliasing rules), causing a mismatch between the stored email and the value Passport searches for at login. Replaced with toLowerCase() which is the only normalization applied consistently by create-user.js and the rest of the app. --- src/middlewares/validators/users.validators.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/middlewares/validators/users.validators.js b/src/middlewares/validators/users.validators.js index 1eff2d6..f1fbb2b 100644 --- a/src/middlewares/validators/users.validators.js +++ b/src/middlewares/validators/users.validators.js @@ -4,7 +4,7 @@ const createUserRules = [ body('user.email') .notEmpty().withMessage("can't be blank") .isEmail().withMessage('must be a valid email address') - .normalizeEmail(), + .toLowerCase(), body('user.username') .notEmpty().withMessage("can't be blank") .isLength({ min: 3, max: 50 }).withMessage('must be between 3 and 50 characters') @@ -18,7 +18,7 @@ const loginRules = [ body('user.email') .notEmpty().withMessage("can't be blank") .isEmail().withMessage('must be a valid email address') - .normalizeEmail(), + .toLowerCase(), body('user.password') .notEmpty().withMessage("can't be blank"), ]; @@ -44,7 +44,7 @@ const updateEmailRules = [ body('user.email') .notEmpty().withMessage("can't be blank") .isEmail().withMessage('must be a valid email address') - .normalizeEmail(), + .toLowerCase(), ]; const updateUsernameRules = [