fix(auth): replace normalizeEmail with toLowerCase to prevent Gmail dot-stripping

normalizeEmail() transforms e.g. user.name@gmail.comusername@gmail.com
(removes dots per Gmail aliasing rules), causing a mismatch between the
stored email and the value Passport searches for at login. Replaced with
toLowerCase() which is the only normalization applied consistently by
create-user.js and the rest of the app.
This commit is contained in:
2026-04-27 01:26:38 +02:00
parent d82dc0578c
commit ad9009afa1
@@ -4,7 +4,7 @@ const createUserRules = [
body('user.email') body('user.email')
.notEmpty().withMessage("can't be blank") .notEmpty().withMessage("can't be blank")
.isEmail().withMessage('must be a valid email address') .isEmail().withMessage('must be a valid email address')
.normalizeEmail(), .toLowerCase(),
body('user.username') body('user.username')
.notEmpty().withMessage("can't be blank") .notEmpty().withMessage("can't be blank")
.isLength({ min: 3, max: 50 }).withMessage('must be between 3 and 50 characters') .isLength({ min: 3, max: 50 }).withMessage('must be between 3 and 50 characters')
@@ -18,7 +18,7 @@ const loginRules = [
body('user.email') body('user.email')
.notEmpty().withMessage("can't be blank") .notEmpty().withMessage("can't be blank")
.isEmail().withMessage('must be a valid email address') .isEmail().withMessage('must be a valid email address')
.normalizeEmail(), .toLowerCase(),
body('user.password') body('user.password')
.notEmpty().withMessage("can't be blank"), .notEmpty().withMessage("can't be blank"),
]; ];
@@ -44,7 +44,7 @@ const updateEmailRules = [
body('user.email') body('user.email')
.notEmpty().withMessage("can't be blank") .notEmpty().withMessage("can't be blank")
.isEmail().withMessage('must be a valid email address') .isEmail().withMessage('must be a valid email address')
.normalizeEmail(), .toLowerCase(),
]; ];
const updateUsernameRules = [ const updateUsernameRules = [