Closed tonyc closed 5 years ago
🤦♂️
I just tested this a bit more, and this isn't actually the case. (tested with my own account).
Sorry for the noise!
This has resurfaced, but it's actually an issue with password resets: If you try to reset your password, but don't enter your email exactly how it is in the database, it will fail to find the record.
The query that PasswordResetsController uses to find the participant should do a case-insensitive search, e.g. something like:
```ruby
def Participant.find_by_case_insensitive_email(email)
  where(['lower(email) = ?', email.to_s.downcase]).first
end
```
…or we should normalize emails to lowercase in a pre-save hook, so they're still indexable. Not that it matters on a DB of this size.
If you register with the email address `User@example.com` (note the uppercase U), you can't sign in with `user@example.com`, or sign-up again because the system isn't using `LOWER(email)` when checking.
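The normalize-before-save option suggested in this thread, sketched in plain Ruby as an added example that is not the project's own code. `ParticipantStore` and its methods are hypothetical names, and a Hash stands in for a unique database index on the normalized email, so registration, sign-in and password reset all share one lookup key.

```ruby
# Added example: in-memory stand-in for the participants table (hypothetical names).
# Emails are normalized on write and on every lookup, so registration,
# sign-in and password reset agree on what counts as the same address.
class ParticipantStore
  DuplicateEmail = Class.new(StandardError)
  Participant = Struct.new(:id, :email)

  def initialize
    @by_email = {} # plays the role of a unique index on the normalized email
    @next_id = 1
  end

  # Canonical lookup key: surrounding whitespace removed, lowercased.
  def self.normalize(email)
    email.to_s.strip.downcase
  end

  # Equivalent of the pre-save hook: store the normalized address and
  # reject a second registration that differs only by case.
  def register(email)
    key = self.class.normalize(email)
    raise ArgumentError, "email is blank" if key.empty?
    raise DuplicateEmail, key if @by_email.key?(key)

    participant = Participant.new(@next_id, key)
    @next_id += 1
    @by_email[key] = participant
  end

  # Shared by sign-in and password reset; returns nil when nothing matches.
  def find_by_email(email)
    @by_email[self.class.normalize(email)]
  end
end

# Constructed sample data mirroring the report above.
store = ParticipantStore.new
store.register("User@example.com")
puts store.find_by_email("user@example.com").email
```

In the database itself, the same guarantee comes from a unique index over the normalized column, so a race between two registrations cannot create case-variant duplicates.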