• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

vocdoni / saas-backend / 28367516223
63%

Build:
DEFAULT BRANCH: main
Ran 29 Jun 2026 11:12AM UTC
Jobs 1
Files 114
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

29 Jun 2026 11:05AM UTC coverage: 62.577% (+0.07%) from 62.512%
28367516223

push

github

web-flow
fix(members): normalize emails for case-insensitive CSP login (#511)

* fix(members): normalize emails to lowercase for case-insensitive CSP login

Member emails were stored as-typed (mixed case). The CSP 2FA login finds a
participant by recomputing a login hash that includes the email, then does an
exact, case-sensitive hash match, so a member stored as `User@X.com` could not
be matched by `user@x.com`. The `strings.EqualFold` check in verifyEmail runs
only after the hash lookup already succeeded, so it never helped with case.

Normalize at the write chokepoint and at login, and backfill existing data:

- internal: add NormalizeEmail (trim + lowercase) and extract the login-hash
  primitive into HashSortedFields so the migration and db share one
  implementation. The sha256.New().Sum(fmt.Append(...)) construction is the
  legacy on-disk format and must not change.
- db: refactor HashAuthTwoFaFields to use the shared primitive; lowercase the
  email in prepareOrgMember (the single write path all member inserts/upserts
  and bulk/CSV imports funnel through), so stored emails and the hashes derived
  from them are canonical.
- csp: lowercase the login email input in authFirstStep so the lookup hash
  matches the now-normalized stored hash.
- migrations: add 0012 to lowercase existing member emails and recompute the
  affected participant login hashes. Members whose lowercased email would
  collide on a census login hash (unique index from 0008) are skipped and
  logged for manual review instead of aborting the run. Irreversible by design.

Tests: migration normalization + hash recompute + end-to-end login lookup,
collision skip, and write-path normalization.


Co-authored-by: Guido Iribarren <git@guidoi.com.ar>

124 of 179 new or added lines in 5 files covered. (69.27%)

10210 of 16316 relevant lines covered (62.58%)

44.92 hits per line

Uncovered Changes

Lines Coverage ∆ File
55
67.26
migrations/0015_normalize_member_emails.go
Jobs
ID Job ID Ran Files Coverage
1 28367516223.1 29 Jun 2026 11:12AM UTC 114
62.58
GitHub Action Run
Source Files on build 28367516223
  • Tree
  • List 114
  • Changed 4
  • Source Changed 0
  • Coverage Changed 4
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • db6a6b37 on github
  • Prev Build on main (#28366841422)
  • Next Build on main (#28381058341)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc