fix(api): fix isUserExistingByEmail case insensitive user account search

Author: lego-technix

api/src/identity-access-management/infrastructure/repositories/user.repository.js

@@ -265,7 +265,7 @@ const checkIfEmailIsAvailable = async function (email) {
 };
 
 const isUserExistingByEmail = async function (email) {
-  const existingUser = await knex('users').where('email', email.toLowerCase()).first();
+  const existingUser = await knex('users').whereRaw('LOWER("email") = ?', email.toLowerCase()).first();
   if (!existingUser) throw new UserNotFoundError();
   return true;
 };

api/tests/identity-access-management/integration/domain/usecases/create-reset-password-demand.usecase.test.js

@@ -22,6 +22,29 @@ describe('Integration | Identity Access Management | Domain | UseCase | create-r
     expect(resetPasswordDemand).to.exist;
   });
 
+  context('when a user account exists but with an email differing by case', function () {
+    it('creates a reset password demand', async function () {
+      // given
+      const accountEmail = '[email protected]';
+      const passwordResetDemandEmail = '[email protected]';
+      const userId = databaseBuilder.factory.buildUser({ email: accountEmail }).id;
+      databaseBuilder.factory.buildAuthenticationMethod.withPixAsIdentityProviderAndHashedPassword({ userId });
+      await databaseBuilder.commit();
+
+      // when
+      await usecases.createResetPasswordDemand({
+        email: passwordResetDemandEmail,
+        locale,
+      });
+
+      // then
+      const resetPasswordDemand = await knex('reset-password-demands')
+        .whereRaw('LOWER("email") = LOWER(?)', passwordResetDemandEmail)
+        .first();
+      expect(resetPasswordDemand).to.exist;
+    });
+  });
+
   context('when user account does not exist with given email', function () {
     it('does not create a reset password demand', async function () {
       // given

api/tests/identity-access-management/integration/infrastructure/repositories/user.repository.test.js

@@ -1816,33 +1816,38 @@ describe('Integration | Identity Access Management | Infrastructure | Repository
   });
 
   describe('#isUserExistingByEmail', function () {
-    const email = '[email protected]';
+    const email = '[email protected]';
 
     beforeEach(function () {
       databaseBuilder.factory.buildUser({ email });
       databaseBuilder.factory.buildUser();
       return databaseBuilder.commit();
     });
 
-    it('returns true when the user exists by email', async function () {
+    it('finds a user with the exact email', async function () {
       const userExists = await userRepository.isUserExistingByEmail(email);
       expect(userExists).to.be.true;
     });
 
-    it('returns true when the user exists by email (case insensitive)', async function () {
-      // given
-      const uppercaseEmailAlreadyInDb = email.toUpperCase();
+    context('when a user exists but with an email differing by case (case insensitive search)', function () {
+      it('finds the user', async function () {
+        // given
+        const uppercaseEmailAlreadyInDb = email.toUpperCase();
 
-      // when
-      const userExists = await userRepository.isUserExistingByEmail(uppercaseEmailAlreadyInDb);
+        // when
+        const userExists = await userRepository.isUserExistingByEmail(uppercaseEmailAlreadyInDb);
 
-      // then
-      expect(userExists).to.be.true;
+        // then
+        expect(userExists).to.be.true;
+      });
     });
 
-    it('throws an error when the user does not exist by email', async function () {
-      const err = await catchErr(userRepository.isUserExistingByEmail)('none');
-      expect(err).to.be.instanceOf(UserNotFoundError);
+    context('when no user account with a matching email exist', function () {
+      it('throws an error', async function () {
+        const searchedEmail = '[email protected]';
+        const err = await catchErr(userRepository.isUserExistingByEmail)(searchedEmail);
+        expect(err).to.be.instanceOf(UserNotFoundError);
+      });
     });
   });