Fixes jocosocial#175.

Username in the forgot password flow now uses case-insensitive search in the DB, matching the behavior of the login flow (and the existing-user check in user creation).
cohoe · Dec 16, 2023 · e31bc04 · e31bc04
1 parent f3b667f
commit e31bc04
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/Sources/swiftarr/Controllers/AuthController.swift b/Sources/swiftarr/Controllers/AuthController.swift
@@ -102,8 +102,7 @@ struct AuthController: APIRouteCollection {
 		// see `UserRecoveryData.validations()`
 		let data = try ValidatingJSONDecoder().decode(UserRecoveryData.self, fromBodyOf: req)
 		// find data.username user
-		let user = try await User.query(on: req.db).filter(\.$username == data.username).first()
-		guard let user = user else {
+		guard let user = try await User.query(on: req.db).filter(\.$username, .custom("ilike"), data.username).first() else {
 			throw Abort(.badRequest, reason: "username \"\(data.username)\" not found")
 		}
 		// no login for punks