From 2c78825827c6e0afab9414845b061e9109238525 Mon Sep 17 00:00:00 2001
From: Ashutosh Gangwar
Date: Sun, 19 Jun 2022 09:13:41 +0530
Subject: [PATCH] make emails case-insensitive in account service
---
 .../trynoice/api/identity/AccountService.java | 2 ++
 .../api/identity/AccountServiceTest.java | 26 +++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/src/main/java/com/trynoice/api/identity/AccountService.java b/src/main/java/com/trynoice/api/identity/AccountService.java
index 576c366..6687d89 100644
--- a/src/main/java/com/trynoice/api/identity/AccountService.java
+++ b/src/main/java/com/trynoice/api/identity/AccountService.java
@@ -90,6 +90,7 @@ class AccountService implements AccountServiceContract {
 */
 @Transactional(rollbackFor = Throwable.class)
 public void signUp(@NonNull SignUpParams params) throws TooManySignInAttemptsException {
+ params.setEmail(params.getEmail().toLowerCase());
 val user = authUserRepository.findByEmail(params.getEmail())
 .orElseGet(() -> authUserRepository.save(
 AuthUser.builder()
@@ -111,6 +112,7 @@ public void signUp(@NonNull SignUpParams params) throws TooManySignInAttemptsExc
 */
 @Transactional(rollbackFor = Throwable.class)
 public void signIn(@NonNull SignInParams params) throws AccountNotFoundException, TooManySignInAttemptsException {
+ params.setEmail(params.getEmail().toLowerCase());
 val user = authUserRepository.findByEmail(params.getEmail())
 .orElseThrow(() -> {
 val msg = String.format("account with email '%s' doesn't exist", params.getEmail());
diff --git a/src/test/java/com/trynoice/api/identity/AccountServiceTest.java b/src/test/java/com/trynoice/api/identity/AccountServiceTest.java
index ce6420c..2771c8f 100644
--- a/src/test/java/com/trynoice/api/identity/AccountServiceTest.java
+++ b/src/test/java/com/trynoice/api/identity/AccountServiceTest.java
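Review bot: The added `params.getEmail().toLowerCase()` in signUp folds case with the JVM's default locale, so the normalised address depends on how the host is configured; under a Turkish locale, for example, `I` lowercases to a dotless `ı` and the same mailbox would map to a different key. Since this value is the account lookup key, the folding should be locale-independent: `params.setEmail(params.getEmail().toLowerCase(Locale.ROOT));`, with `java.util.Locale` imported if the file does not already have it. The identical line added in the signIn hunk needs the same change. Both method bodies continue outside their hunks.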
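Review bot: Lowercasing before `findByEmail` in signIn only matches rows whose stored address is already lowercase, and the diffstat lists no migration next to the two Java files. If any account was created earlier with a mixed-case address, this lookup would presumably throw AccountNotFoundException for it, and a later signUp with the same address could create a second account for one mailbox. I would normalise existing rows in the same release and enforce uniqueness on the lowercased value in the database, and record the invariant above the new line with a comment such as `// lookup key is the lowercased address; stored emails must be lowercased too`. Whether `findByEmail` is already case-insensitive cannot be seen here, and signIn's body continues past the end of the hunk.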
@@ -31,6 +31,8 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -129,6 +131,19 @@ void signUp_withBlacklistedEmail() {
 service.signUp(new SignUpParams(authUser.getEmail(), authUser.getName())));
 }
 
+ @Test
+ void signUp_emailCaseInsensitivity() {
+ val email = "ABcD@api.test";
+ val authUser = buildAuthUser();
+ authUser.setEmail(email);
+ val refreshToken = buildRefreshToken(authUser);
+ when(authUserRepository.findByEmail(any())).thenReturn(Optional.empty());
+ when(authUserRepository.save(any())).thenAnswer(i -> i.getArgument(0));
+ when(refreshTokenRepository.save(any())).thenReturn(refreshToken);
+ assertDoesNotThrow(() -> service.signUp(new SignUpParams(authUser.getEmail(), authUser.getName())));
+ verify(authUserRepository, atLeastOnce()).save(argThat(a -> a.getEmail().equals(email.toLowerCase())));
+ }
+
 @Test
 void signIn_withExistingAccount() throws AccountNotFoundException, TooManySignInAttemptsException {
 val authUser = buildAuthUser();
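Review bot: `signUp_emailCaseInsensitivity` stubs `findByEmail(any())`, so it would still pass if signUp looked the user up with the original mixed-case address and lowercased only what it saves. Adding `verify(authUserRepository).findByEmail("abcd@api.test");` pins the lookup key as well as the saved value. I would also use the literal `"abcd@api.test"` in the `argThat` instead of `email.toLowerCase()`, so the expectation is not computed by the same call as the code under test. The signIn test in the next hunk derives its stub key the same way.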
@@ -167,6 +182,17 @@ void signIn_withBlacklistedEmail() {
 assertThrows(TooManySignInAttemptsException.class, () -> service.signIn(new SignInParams(authUser.getEmail())));
 }
 
+ @Test
+ void signIn_emailCaseInsensitivity() {
+ val email = "ABcD@api.test";
+ val authUser = buildAuthUser();
+ authUser.setEmail(email);
+ val refreshToken = buildRefreshToken(authUser);
+ when(authUserRepository.findByEmail(email.toLowerCase())).thenReturn(Optional.of(authUser));
+ when(refreshTokenRepository.save(any())).thenReturn(refreshToken);
+ assertDoesNotThrow(() -> service.signIn(new SignInParams(authUser.getEmail())));
+ }
+
 @Test
 void signOut_withInvalidJWT() {
 assertThrows(RefreshTokenVerificationException.class, () -> service.signOut("invalid-jwt", "valid-acess-jwt"));