User's Email will turn lower case automatically

[prosopa]

• Gitea version (or commit ref): 1.11
• Git version:
• Operating system:
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

When the user email contains capital letter, e.g. BugHere@example.com, Gitea will turn all capital letter to lower case, e.g. bughere@example.com
...

Screenshots

Setting Email as BugHere@example.com

Result

[davidsvantesson]

It is done to ensure not two registrations can be done with same email addresses. I think all mail servers/hosts treat full email address case insensitive.

[prosopa]

A little bit strange to the user.
Why not doing duplication check "background"?
I mean, just show what they are typed.

[lunny]

I think this should be a bug. We should add a new lower_email column to ensure the unique email address.

[lafriks]

I don't think it is bug as email addresses are case insensitive so I don't really see problem in lower-casing email addresses

[pezhovski]

Hi @lafriks, sorry to bring this up, I was looking for reasons why there is lower_email field and what it purpose and found this.
I think standard states that local-part of email address may be case sensitive and it should be treated as so
https://www.rfc-editor.org/rfc/rfc5321#section-2.4

The local-part of a mailbox MUST BE treated as case sensitive.

So converting email to lower case by default is a bug and could possibly lead to leaking of a private data.

[lafriks]

They may be but to be honest I have not seen SMTP server that would treat User@example.com and user@example.com as different email addresses. In practice you can write email address in any casing combinations and it will be delivered to same user account. Problem from security perspective is that we could end up having user with the same email address otherwise