fix: case-insensitive login for username and email

This commit is contained in:
2026-06-30 08:24:41 -04:00
parent e380d4e381
commit 1945703893
+1 -1
View File
@@ -172,7 +172,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
var userID, hash string
err := h.db.QueryRowContext(r.Context(), `
SELECT id, password_hash FROM users WHERE email = $1 OR username = $1
SELECT id, password_hash FROM users WHERE LOWER(email) = LOWER($1) OR LOWER(username) = LOWER($1)
`, login).Scan(&userID, &hash)
if err != nil {
http.Error(w, `{"error":"invalid credentials"}`, http.StatusUnauthorized)