auth: Treat emails case-insensitively in ExternalAuthResult.

Our intent throughout the codebase is to treat email case-insensitively. The only codepath affected by this bug is remote_user_sso, as that's the only one that currently passes potentially both a user_profile and ExternalAuthDataDict when creating the ExternalAuthResult. That's why we add a test specifically for that codepath.
2025-11-02 04:53:36 +00:00 · 2020-08-05 16:40:41 +02:00
parent d512594382
commit 15752067dc
2 changed files with 9 additions and 1 deletions
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -985,7 +985,7 @@ class ExternalAuthResult:
        if self.user_profile is not None:
            # Ensure data inconsistent with the user_profile wasn't passed in inside the data_dict argument.
            assert 'full_name' not in data_dict or data_dict['full_name'] == self.user_profile.full_name
-            assert 'email' not in data_dict or data_dict['email'] == self.user_profile.delivery_email
+            assert 'email' not in data_dict or data_dict['email'].lower() == self.user_profile.delivery_email.lower()
            # Update these data_dict fields to ensure consistency with self.user_profile. This is mostly
            # defensive code, but is useful in these scenarios:
            # 1. user_profile argument was passed in, and no full_name or email_data in the data_dict arg.