Normalize email address before saving (#2934)

* normalize email before saving * fix copy/paste error * Run php-cs-fixer
cerpus · Feb 13, 2025 · 14329d9 · 14329d9
1 parent f064e56
commit 14329d9
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 2 deletions.
diff --git a/sourcecode/hub/app/Http/Requests/Api/UserRequest.php b/sourcecode/hub/app/Http/Requests/Api/UserRequest.php
@@ -10,8 +10,22 @@
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Validation\Rule;
 
+use function is_string;
+use function strtolower;
+
 class UserRequest extends FormRequest
 {
+    protected function prepareForValidation(): void
+    {
+        $email = $this->input('email');
+
+        if (is_string($email)) {
+            $this->merge([
+                'email' => strtolower($email),
+            ]);
+        }
+    }
+
     /**
      * @return array<string, mixed>
      */

diff --git a/sourcecode/hub/app/Http/Requests/StoreUserRequest.php b/sourcecode/hub/app/Http/Requests/StoreUserRequest.php
@@ -9,8 +9,22 @@
 use Illuminate\Validation\Rule;
 use Illuminate\Validation\Rules\Password;
 
+use function is_string;
+use function strtolower;
+
 final class StoreUserRequest extends FormRequest
 {
+    protected function prepareForValidation(): void
+    {
+        $email = $this->input('email');
+
+        if (is_string($email)) {
+            $this->merge([
+                'email' => strtolower($email),
+            ]);
+        }
+    }
+
     /**
      * @return array<string, mixed>
      */

diff --git a/sourcecode/hub/app/Http/Requests/UpdateUserRequest.php b/sourcecode/hub/app/Http/Requests/UpdateUserRequest.php
@@ -7,8 +7,22 @@
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Validation\Rules\Password;
 
+use function is_string;
+use function strtolower;
+
 class UpdateUserRequest extends FormRequest
 {
+    protected function prepareForValidation(): void
+    {
+        $email = $this->input('email');
+
+        if (is_string($email)) {
+            $this->merge([
+                'email' => strtolower($email),
+            ]);
+        }
+    }
+
     /**
      * @return array<string, mixed>
      */

diff --git a/sourcecode/hub/app/Models/User.php b/sourcecode/hub/app/Models/User.php
@@ -78,9 +78,9 @@ class User extends Model implements AuthenticatableContract
         'email_verified' => true,
     ];
 
-    public function setEmailAttribute(string|null $email): void
+    public function setEmailAttribute(string $email): void
     {
-        $this->attributes['email'] = $email;
+        $this->attributes['email'] = strtolower($email);
 
         if ($this->exists && $email !== $this->getOriginal('email')) {
             $this->attributes['email_verified'] = false;

diff --git a/sourcecode/hub/tests/Browser/UserTest.php b/sourcecode/hub/tests/Browser/UserTest.php
@@ -47,6 +47,22 @@ public function testUserCannotSignUpWithDuplicateEmail(): void
         });
     }
 
+    public function testEmailIsNormalizedUponRegistration(): void
+    {
+        $this->browse(function (Browser $browser) {
+            $browser->visit('/register')
+                ->assertGuest()
+                ->type('name', 'E. Mel')
+                ->type('email', '[email protected]')
+                ->type('password', 'my password')
+                ->type('password_confirmation', 'my password')
+                ->press('Sign up')
+                ->assertAuthenticated()
+                ->visit('/my-account')
+                ->assertInputValue('email', '[email protected]');
+        });
+    }
+
     public function testUserCanChangeLanguage(): void
     {
         User::factory()->create([
@@ -169,6 +185,24 @@ public function testUserCanChangeEmail(): void
         });
     }
 
+    public function testEmailIsNormalizedUponChanging(): void
+    {
+        User::factory()->withEmail('[email protected]')->create();
+
+        $this->browse(
+            fn(Browser $browser) => $browser
+                ->loginAs('[email protected]')
+                ->assertAuthenticated()
+                ->visit('/my-account')
+                ->type('email', '[email protected]')
+                ->press('Save')
+                // The login should be invalid if the email didn't normalize.
+                // In that case, we wouldn't be able to see these.
+                ->assertSee('Account updated successfully')
+                ->assertInputValue('email', '[email protected]'),
+        );
+    }
+
     public function testUserCanDisconnectFacebookAndGoogleIDWithPassword(): void
     {
         User::factory()->create([

diff --git a/sourcecode/hub/tests/Feature/Api/UserTest.php b/sourcecode/hub/tests/Feature/Api/UserTest.php
@@ -134,4 +134,26 @@ public function testCreatedAtIsOverrideable(): void
                     ),
             );
     }
+
+    public function testEmailIsNormalizedBeforeSaving(): void
+    {
+        $user = User::factory()->admin()->create();
+
+        $this
+            ->withBasicAuth($user->getApiKey(), $user->getApiSecret())
+            ->postJson('/api/users', [
+                'name' => 'E. Mel',
+                'email' => '[email protected]',
+            ])
+            ->assertCreated()
+            ->assertJson(
+                fn(AssertableJson $json) => $json
+                    ->has(
+                        'data',
+                        fn(AssertableJson $json) => $json
+                            ->where('email', '[email protected]')
+                            ->etc(),
+                    ),
+            );
+    }
 }