email 2fa is not case sensitive

2025-04-18 19:48:12 -05:00 · 2017-11-02 23:29:58 -04:00 · 2017-11-02 23:29:58 -04:00 · 50a4202739
commit 50a4202739
parent 6e302e06dc
2 changed files with 6 additions and 4 deletions
--- a/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
+++ b/src/Core/Models/Api/Request/TwoFactorRequestModels.cs
@ -190,7 +190,7 @@ namespace Bit.Core.Models.Api

            providers.Add(TwoFactorProviderType.Email, new TwoFactorProvider
            {
-                MetaData = new Dictionary<string, object> { ["Email"] = Email },
+                MetaData = new Dictionary<string, object> { ["Email"] = Email.ToLowerInvariant() },
                Enabled = true
            });
            extistingUser.SetTwoFactorProviders(providers);
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@ -245,9 +245,10 @@ namespace Bit.Core.Services
                throw new ArgumentNullException("No email.");
            }

+            var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
            var token = await base.GenerateUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
-                "2faEmail:" + provider.MetaData["Email"]);
-            await _mailService.SendTwoFactorEmailAsync((string)provider.MetaData["Email"], token);
+                "2faEmail:" + email);
+            await _mailService.SendTwoFactorEmailAsync(email, token);
        }

        public async Task<bool> VerifyTwoFactorEmailAsync(User user, string token)
@ -258,8 +259,9 @@ namespace Bit.Core.Services
                throw new ArgumentNullException("No email.");
            }

+            var email = ((string)provider.MetaData["Email"]).ToLowerInvariant();
            return await base.VerifyUserTokenAsync(user, TokenOptions.DefaultEmailProvider,
-                "2faEmail:" + provider.MetaData["Email"], token);
+                "2faEmail:" + email, token);
        }

        public async Task<U2fRegistration> StartU2fRegistrationAsync(User user)