make username lowercase

server/routers/auth/login.ts

@@ -23,8 +23,8 @@ export const loginBodySchema = z
     .object({
         email: z
             .string()
-            .email()
+            .toLowerCase()
-            .transform((v) => v.toLowerCase()),
+            .email(),
         password: z.string(),
         code: z.string().optional()
     })

server/routers/auth/requestPasswordReset.ts

@@ -20,8 +20,8 @@ export const requestPasswordResetBody = z
     .object({
         email: z
             .string()
-            .email()
+            .toLowerCase()
-            .transform((v) => v.toLowerCase())
+            .email(),
     })
     .strict();
 

server/routers/auth/resetPassword.ts

@@ -21,8 +21,8 @@ export const resetPasswordBody = z
     .object({
         email: z
             .string()
-            .email()
+            .toLowerCase()
-            .transform((v) => v.toLowerCase()),
+            .email(),
         token: z.string(), // reset secret code
         newPassword: passwordSchema,
         code: z.string().optional() // 2fa code

server/routers/auth/signup.ts

@@ -26,8 +26,8 @@ import { UserType } from "@server/types/UserTypes";
 export const signupBodySchema = z.object({
     email: z
         .string()
-        .email()
+        .toLowerCase()
-        .transform((v) => v.toLowerCase()),
+        .email(),
     password: passwordSchema,
     inviteToken: z.string().optional(),
     inviteId: z.string().optional()

server/routers/idp/validateOidcCallback.ts

@@ -172,10 +172,10 @@ export async function validateOidcCallback(
         const claims = arctic.decodeIdToken(idToken);
         logger.debug("ID token claims", { claims });
 
-        const userIdentifier = jmespath.search(
+        let userIdentifier = jmespath.search(
             claims,
             existingIdp.idpOidcConfig.identifierPath
-        );
+        ) as string | null;
 
         if (!userIdentifier) {
             return next(
@@ -186,6 +186,8 @@ export async function validateOidcCallback(
             );
         }
 
+        userIdentifier = userIdentifier.toLowerCase();
+
         logger.debug("User identifier", { userIdentifier });
 
         let email = null;

server/routers/resource/authWithWhitelist.ts

@@ -22,8 +22,8 @@ const authWithWhitelistBodySchema = z
     .object({
         email: z
             .string()
-            .email()
+            .toLowerCase()
-            .transform((v) => v.toLowerCase()),
+            .email(),
         otp: z.string().optional()
     })
     .strict();

server/routers/user/createOrgUser.ts

@@ -21,6 +21,7 @@ const bodySchema = z
     .object({
         email: z
             .string()
+            .toLowerCase()
             .optional()
             .refine((data) => {
                 if (data) {
@@ -28,7 +29,7 @@ const bodySchema = z
                 }
                 return true;
             }),
-        username: z.string().nonempty(),
+        username: z.string().nonempty().toLowerCase(),
         name: z.string().optional(),
         type: z.enum(["internal", "oidc"]).optional(),
         idpId: z.number().optional(),

server/routers/user/inviteUser.ts

@@ -30,8 +30,8 @@ const inviteUserBodySchema = z
     .object({
         email: z
             .string()
-            .email()
+            .toLowerCase()
-            .transform((v) => v.toLowerCase()),
+            .email(),
         roleId: z.number(),
         validHours: z.number().gt(0).lte(168),
         sendEmail: z.boolean().optional(),