LP#1491571: Ignore Case when Checking PW Reset email
authorJason Boyer <jboyer@library.in.gov>
Wed, 2 Sep 2015 20:20:13 +0000 (16:20 -0400)
committerBen Shum <ben@evergreener.net>
Sat, 27 Feb 2016 23:18:49 +0000 (18:18 -0500)
Emails are not passwords and are not case sensitive;
while it is a good idea to require patrons to prove
they know the address associated with their account
it is not cool to deny them because they don't know
the capitalization of the value in the database.

Signed-off-by: Jason Boyer <jboyer@library.in.gov>
Signed-off-by: Ben Shum <ben@evergreener.net>
Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm

index 2d7c5d6..80da51b 100644 (file)
@@ -3929,7 +3929,7 @@ sub request_password_reset {
     
     my $email_must_match = $U->ou_ancestor_setting_value($user->home_ou, 'circ.password_reset_request_requires_matching_email');
     if ($email_must_match) {
     
     my $email_must_match = $U->ou_ancestor_setting_value($user->home_ou, 'circ.password_reset_request_requires_matching_email');
     if ($email_must_match) {
-        if ($user->email ne $email) {
+        if (lc($user->email) ne lc($email)) {
             return OpenILS::Event->new('EMAIL_VERIFICATION_FAILED');
         }
     }
             return OpenILS::Event->new('EMAIL_VERIFICATION_FAILED');
         }
     }