fix: allow login by email case-insensitive (#7578)

A customer noted that the login by email was case-sensitive, which differs to the handling of the loginname. This PR changes the email check to be case-insensitive (which it was already in same parts) and improve the search for this as well.
2025-01-08 18:47:52 +00:00 · 2024-03-20 16:51:26 +01:00 · 2024-03-20 16:51:26 +01:00 · 7e24a1adbc
commit 7e24a1adbc
parent b2d7352a5a
7 changed files with 49 additions and 12 deletions
--- a/cmd/setup/25.go
+++ b/cmd/setup/25.go
@ -0,0 +1,27 @@
 package setup
 import (
 	"context"
 	_ "embed"
 	"github.com/zitadel/zitadel/internal/database"
 	"github.com/zitadel/zitadel/internal/eventstore"
 )
 var (
 	//go:embed 25.sql
 	addLowerFieldsToVerifiedEmail string
 )
 type AddLowerFieldsToVerifiedEmail struct {
 	dbClient *database.DB
 }
 func (mig *AddLowerFieldsToVerifiedEmail) Execute(ctx context.Context, _ eventstore.Event) error {
 	_, err := mig.dbClient.ExecContext(ctx, addLowerFieldsToVerifiedEmail)
 	return err
 }
 func (mig *AddLowerFieldsToVerifiedEmail) String() string {
 	return "25_add_lower_fields_to_verified_email"
 }
--- a/cmd/setup/25.sql
+++ b/cmd/setup/25.sql
@ -0,0 +1,2 @@
 ALTER TABLE IF EXISTS projections.users10_notifications ADD COLUMN IF NOT EXISTS verified_email_lower TEXT GENERATED ALWAYS AS (lower(verified_email)) STORED;
 CREATE INDEX IF NOT EXISTS users10_notifications_email_search ON projections.users10_notifications (instance_id, verified_email_lower);
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@ -103,6 +103,7 @@ type Steps struct {
 	s22ActiveInstancesIndex           *ActiveInstanceEvents
 	s23CorrectGlobalUniqueConstraints *CorrectGlobalUniqueConstraints
 	s24AddActorToAuthTokens           *AddActorToAuthTokens
 	s25AddLowerFieldsToVerifiedEmail  *AddLowerFieldsToVerifiedEmail
 }
 func MustNewSteps(v *viper.Viper) *Steps {
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@ -137,6 +137,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.s22ActiveInstancesIndex = &ActiveInstanceEvents{dbClient: queryDBClient}
 	steps.s23CorrectGlobalUniqueConstraints = &CorrectGlobalUniqueConstraints{dbClient: esPusherDBClient}
 	steps.s24AddActorToAuthTokens = &AddActorToAuthTokens{dbClient: queryDBClient}
 	steps.s25AddLowerFieldsToVerifiedEmail = &AddLowerFieldsToVerifiedEmail{dbClient: esPusherDBClient}
 	err = projection.Create(ctx, projectionDBClient, eventstoreClient, config.Projections, nil, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@ -186,6 +187,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	for _, step := range []migration.Migration{
 		steps.s18AddLowerFieldsToLoginNames,
 		steps.s21AddBlockFieldToLimits,
 		steps.s25AddLowerFieldsToVerifiedEmail,
 	} {
 		mustExecuteMigration(ctx, eventstoreClient, step, "migration failed")
 	}
--- a/internal/auth/repository/eventsourcing/view/user.go
+++ b/internal/auth/repository/eventsourcing/view/user.go
@ -50,7 +50,7 @@ func (v *View) UserByLoginNameAndResourceOwner(ctx context.Context, loginName, r
 }
 func (v *View) UserByEmail(ctx context.Context, email, instanceID string) (*model.UserView, error) {
-	emailQuery, err := query.NewUserVerifiedEmailSearchQuery(email, query.TextEqualsIgnoreCase)
+	emailQuery, err := query.NewUserVerifiedEmailSearchQuery(email)
 	if err != nil {
 		return nil, err
 	}
@ -58,7 +58,7 @@ func (v *View) UserByEmail(ctx context.Context, email, instanceID string) (*mode
 }
 func (v *View) UserByEmailAndResourceOwner(ctx context.Context, email, resourceOwner, instanceID string) (*model.UserView, error) {
-	emailQuery, err := query.NewUserVerifiedEmailSearchQuery(email, query.TextEquals)
+	emailQuery, err := query.NewUserVerifiedEmailSearchQuery(email)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/query/projection/user.go
+++ b/internal/query/projection/user.go
@ -66,6 +66,7 @@ const (
 	NotifyInstanceIDCol         = "instance_id"
 	NotifyLastEmailCol          = "last_email"
 	NotifyVerifiedEmailCol      = "verified_email"
 	NotifyVerifiedEmailLowerCol = "verified_email_lower"
 	NotifyLastPhoneCol          = "last_phone"
 	NotifyVerifiedPhoneCol      = "verified_phone"
 	NotifyPasswordSetCol        = "password_set"
--- a/internal/query/user.go
+++ b/internal/query/user.go
@ -324,6 +324,10 @@ var (
 		table:          notifyTable,
 		isOrderByLower: true,
 	}
 	NotifyVerifiedEmailLowerCaseCol = Column{
 		name:  projection.NotifyVerifiedEmailLowerCol,
 		table: notifyTable,
 	}
 	NotifyPhoneCol = Column{
 		name:  projection.NotifyLastPhoneCol,
 		table: notifyTable,
@ -714,8 +718,8 @@ func NewUserPhoneSearchQuery(value string, comparison TextComparison) (SearchQue
 	return NewTextQuery(HumanPhoneCol, value, comparison)
 }
-func NewUserVerifiedEmailSearchQuery(value string, comparison TextComparison) (SearchQuery, error) {
+func NewUserVerifiedEmailSearchQuery(value string) (SearchQuery, error) {
-	return NewTextQuery(NotifyVerifiedEmailCol, value, comparison)
+	return NewTextQuery(NotifyVerifiedEmailLowerCaseCol, strings.ToLower(value), TextEquals)
 }
 func NewUserVerifiedPhoneSearchQuery(value string, comparison TextComparison) (SearchQuery, error) {
		`@ -0,0 +1,2 @@`
							`ALTER TABLE IF EXISTS projections.users10_notifications ADD COLUMN IF NOT EXISTS verified_email_lower TEXT GENERATED ALWAYS AS (lower(verified_email)) STORED;`
							`CREATE INDEX IF NOT EXISTS users10_notifications_email_search ON projections.users10_notifications (instance_id, verified_email_lower);`