Case insensitive emails in password resets

nygrenh · nygrenh · commit 865175dd7edf · 2018-05-18T10:29:56.000+03:00
diff --git a/app/controllers/api/v8/users/password_reset_controller.rb b/app/controllers/api/v8/users/password_reset_controller.rb
@@ -15,7 +15,7 @@ def create
             }
           end
 
-          user = User.find_by_email(@email)
+          user = User.find_by('lower(email) = ?', @email.downcase)
           unless user
             return render json: {
               success: false,
diff --git a/app/controllers/password_reset_keys_controller.rb b/app/controllers/password_reset_keys_controller.rb
@@ -12,7 +12,7 @@ def create
       return redirect_to(new_password_reset_key_path, alert: 'No e-mail address provided')
     end
 
-    user = User.find_by_email(@email)
+    user = User.find_by('lower(email) = ?', @email.downcase)
     unless user
       return redirect_to(new_password_reset_key_path, alert: 'No such e-mail address registered')
     end
@@ -61,4 +61,4 @@ def find_key_and_user
     fail ActiveRecord::RecordNotFound.new('Invalid password reset key') if @key.nil? || @key.expired?
     @user = @key.user
   end
-end
+end

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ def create`
`15`	`15`	`}`
`16`	`16`	`end`
`17`	`17`
`18`		`- user = User.find_by_email(@email)`
	`18`	`+ user = User.find_by('lower(email) = ?', @email.downcase)`
`19`	`19`	`unless user`
`20`	`20`	`return render json: {`
`21`	`21`	`success: false,`