Revert "fix(api): use lowercase email address (#61490)" (#61608)

2026-04-10 13:00:59 -04:00 · 2025-07-30 17:09:36 +02:00
parent a087e33efc
commit 4448bcbd92
3 changed files with 5 additions and 47 deletions
--- a/api/src/routes/helpers/auth-helpers.test.ts
+++ b/api/src/routes/helpers/auth-helpers.test.ts
@@ -24,13 +24,7 @@ describe('findOrCreateUser', () => {
  });

  afterEach(async () => {
-    await fastify.prisma.user.deleteMany({
-      where: {
-        email: {
-          in: [email, email.toUpperCase()]
-        }
-      }
-    });
+    await fastify.prisma.user.deleteMany({ where: { email } });
    await fastify.close();
    jest.clearAllMocks();
  });
@@ -66,29 +60,4 @@ describe('findOrCreateUser', () => {

    expect(captureException).not.toHaveBeenCalled();
  });
-
-  it("should NOT create a user if there is already an account with the lowercase version of the user's email", async () => {
-    const upperCaseEmail = email.toUpperCase();
-
-    // Create a user with lowercase email
-    const existingUser = await fastify.prisma.user.create({
-      data: createUserInput(email)
-    });
-
-    // Try to find or create with uppercase email
-    const result = await findOrCreateUser(fastify, upperCaseEmail);
-
-    // Should return the existing user, not create a new one
-    expect(result.id).toBe(existingUser.id);
-
-    // Verify only one user exists in the database
-    const allUsers = await fastify.prisma.user.findMany({
-      where: {
-        email: {
-          in: [upperCaseEmail, email]
-        }
-      }
-    });
-    expect(allUsers).toHaveLength(1);
-  });
 });
--- a/api/src/routes/helpers/auth-helpers.ts
+++ b/api/src/routes/helpers/auth-helpers.ts
@@ -11,16 +11,10 @@ export const findOrCreateUser = async (
  fastify: FastifyInstance,
  email: string
 ): Promise<{ id: string; acceptedPrivacyTerms: boolean }> => {
-  const lowerCaseEmail = email.toLowerCase();
  // TODO: handle the case where there are multiple users with the same email.
  // e.g. use findMany and throw an error if more than one is found.
  const existingUser = await fastify.prisma.user.findMany({
-    where: {
-      // https://www.mongodb.com/docs/manual/reference/operator/query/or/#-or-versus--in
-      email: {
-        in: [email, lowerCaseEmail]
-      }
-    },
+    where: { email },
    select: { id: true, acceptedPrivacyTerms: true }
  });
  if (existingUser.length > 1) {
@@ -34,7 +28,7 @@ export const findOrCreateUser = async (
  return (
    existingUser[0] ??
    (await fastify.prisma.user.create({
-      data: createUserInput(lowerCaseEmail),
+      data: createUserInput(email),
      select: { id: true, acceptedPrivacyTerms: true }
    }))
  );
--- a/api/src/routes/protected/settings.ts
+++ b/api/src/routes/protected/settings.ts
@@ -765,9 +765,7 @@ export const settingRedirectRoutes: FastifyPluginCallbackTypebox = (
    },
    async (req, reply) => {
      const logger = fastify.log.child({ req, res: reply });
-      const email = Buffer.from(req.query.email, 'base64')
-        .toString()
-        .toLowerCase();
+      const email = Buffer.from(req.query.email, 'base64').toString();

      const { origin } = getRedirectParams(req);
      if (!isEmail(email)) {
@@ -793,12 +791,9 @@ export const settingRedirectRoutes: FastifyPluginCallbackTypebox = (
      // TODO(Post-MVP): should this fail if it's not the currently signed in
      // user?
      const targetUser = await fastify.prisma.user.findUnique({
-        where: { id: authToken.userId },
-        select: { id: true, newEmail: true }
+        where: { id: authToken.userId }
      });

-      // TODO: update redirect message to be specific about issue
-      //       Most likely cause being user tampered callback url
      if (targetUser?.newEmail !== email) {
        return reply.redirectWithMessage(origin, redirectMessage);
      }