Email is case sensitive for user profile - when resetting password #9869
Description
Describe the bug
When a user tries to reset their password, the system performs a case-sensitive lookup of the e-mail address. If the address stored in the database differs in letter-case from the address the user types, OpenCRVS returns “Email address not found” even though the account exists.
Example:
- stored: [email protected]
- entered: [email protected] → email address not found
Which feature of OpenCRVS your bug concern?
Application feature → Login / Password reset
To Reproduce
- Ensure a user account exists with the e-mail address saved in mixed case (e.g.
[email protected]). - From the login page, click “Forgot password?”.
- In the “Please enter your email address” field, type the same address but in a different case (e.g.
[email protected]). - Submit the form.
- Observe the error banner: “Email address not found.”
Expected behaviour
Treat e-mail addresses as case-insensitive, find the matching account, and send the password-reset e-mail.
Actual behaviour
The system performs a case-sensitive match and fails to recognise the account, returning “Email address not found.” Users are blocked from resetting their passwords.
OpenCRVS Core Version:
TBC
Country Configuration Version:
v 1.6.5
Several production users are unable to access NiueCRVS
Technical approach
- W̶r̶i̶t̶e̶ a̶ m̶i̶g̶r̶a̶t̶i̶o̶n̶ t̶h̶a̶t̶ n̶o̶r̶m̶a̶l̶i̶s̶e̶s̶ a̶l̶l̶ u̶s̶e̶r̶ e̶m̶a̶i̶l̶ a̶d̶d̶r̶e̶s̶s̶e̶s̶ t̶o̶ l̶o̶w̶e̶r̶c̶a̶s̶e̶
- In all places where we search the database with an email address, first transform the input term to lowercase before making the comparison (see Euan's comment below)
Metadata
Metadata
Assignees
Type
Projects
Status