GetUserByEmailContext erroneous handling of email case

[smunaut]

Gitea Version

1.16.1

Git Version

No response

Operating System

No response

How are you running Gitea?

Irrelevant, I can see the bug in the code ...

Database

No response

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

The GetUserByEmailContext function lowers the case of the email before searching for it ( email = strings.ToLower(email) ), but the email stored in the DB is with whatever case the user entered it and is not necessarily lower case.

Also as a side note, technically only the host part of the email is case insensitive, there is nothing in the spec saying the part before the @ has to be insensitive AFAICT. It'd be dumb and confusing, but technically spec-compliant.

Screenshots

No response

[lunny]

Please paste the code here.

[smunaut]

func GetUserByEmailContext(ctx context.Context, email string) (*User, error) {
	if len(email) == 0 {
		return nil, ErrUserNotExist{0, email, 0}
	}

	email = strings.ToLower(email)
	// First try to find the user by primary email
	user := &User{Email: email}
	has, err := db.GetEngine(ctx).Get(user)
	if err != nil {
		return nil, err
	}
	if has {
		return user, nil
	}

	// Otherwise, check in alternative list for activated email addresses
	emailAddress := &EmailAddress{Email: email, IsActivated: true}
	has, err = db.GetEngine(ctx).Get(emailAddress)
	if err != nil {
		return nil, err
	}
	if has {
		return GetUserByIDCtx(ctx, emailAddress.UID)
	}

        ///......
}

[smunaut]

AFAICT this has been introduced in b9d611e when instead of lowering the email manually a new LowerEmail was added, but here it still matches against Email.