Fix use case-insensitive email lookup and comparison during login (#5145)

fix: use case-insensitive email lookup and comparison
2025-09-05 21:04:12 +08:00 · 2025-09-05 21:04:12 +08:00 · c17dd1f141
parent 42fed5713e
commit c17dd1f141
2 changed files with 4 additions and 3 deletions
--- a/packages/server/src/enterprise/services/account.service.ts
+++ b/packages/server/src/enterprise/services/account.service.ts
@ -176,7 +176,7 @@ export class AccountService {
                if (data.user.tempToken) {
                    const user = await this.userService.readUserByToken(data.user.tempToken, queryRunner)
                    if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
-                    if (user.email !== data.user.email)
+                    if (user.email.toLowerCase() !== data.user.email?.toLowerCase())
                        throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_USER_EMAIL)
                    const name = data.user.name
                    if (data.user.credential) user.credential = this.userService.encryptUserCredential(data.user.credential)
--- a/packages/server/src/enterprise/services/user.service.ts
+++ b/packages/server/src/enterprise/services/user.service.ts
@ -5,7 +5,7 @@ import { getRunningExpressApp } from '../../utils/getRunningExpressApp'
 import { Telemetry, TelemetryEventType } from '../../utils/telemetry'
 import { User, UserStatus } from '../database/entities/user.entity'
 import { isInvalidEmail, isInvalidName, isInvalidPassword, isInvalidUUID } from '../utils/validation.util'
-import { DataSource, QueryRunner } from 'typeorm'
+import { DataSource, ILike, QueryRunner } from 'typeorm'
 import { generateId } from '../../utils'
 import { GeneralErrorMessage } from '../../utils/constants'
 import { getHash } from '../utils/encryption.util'
@ -54,8 +54,9 @@ export class UserService {
    }

    public async readUserByEmail(email: string | undefined, queryRunner: QueryRunner) {
+        if (!email) throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_USER_EMAIL)
        this.validateUserEmail(email)
-        return await queryRunner.manager.findOneBy(User, { email })
+        return await queryRunner.manager.findOneBy(User, { email: ILike(email) })
    }

    public async readUserByToken(token: string | undefined, queryRunner: QueryRunner) {