Magic Link (Email OTP) Login Fails Due to Case-Sensitive Email Matching

[chen5656]

Description

When registering with [email protected] the first time, the magic link (email OTP) login flow works as expected. However, attempting to log in using a differently cased email address (e.g. [email protected]) causes the login to fail.

Steps to Reproduce

1. Set up Auth Method with Magic Link (Email OTP) only.
2. Register a new account with [email protected].
3. Log out of the application.
4. Sign in or Sign up with [email protected] (note the uppercase “G”).
5. Submit the received code.
6. Observe error in the console: StackAssertionError: Failed to send request to https://api.stack-auth.com/api/v1/auth/otp/sign-in: 500 Something went wrong. Please make sure the data you entered is correct.

Expected Behavior

Can not sign in. Observe error in the console: StackAssertionError: Failed to send request to https://api.stack-auth.com/api/v1/auth/otp/sign-in: 500 Something went wrong. Please make sure the data you entered is correct.

Environment

• @stackframe/stack version: 2.8.27
• Operating System: macOS

Additional Context

• The issue does not occur when using the exact same casing.
• Deleting node_modules and reinstalling dependencies did not resolve the problem.

[ArvindParekh]

Hi. I believe this occurs due to case-sensitive database lookup on the second try (using the email with uppercase 'G'). I was exploring the codebase, and I found a normalizeEmail function. Using the function to normalize the email (convert it to all lowercase) before passing it off as an argument to the database call should solve this issue. Maintainers, feel free to correct me here. I'll try to create a draft PR in the meantime to gather more feedback.

[tinkerer-shubh]

hey @ArvindParekh! are you still working on this?

[ArvindParekh]

Hi, I am, yes. Raising a PR by the end of day.

[tinkerer-shubh]

okay. happy hacking :)