From 19457038937c4b5e65280f1288f5ecf21660022d Mon Sep 17 00:00:00 2001 From: hobokenchicken Date: Tue, 30 Jun 2026 08:24:41 -0400 Subject: [PATCH] fix: case-insensitive login for username and email --- internal/auth/handlers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/auth/handlers.go b/internal/auth/handlers.go index f873528..325c45b 100644 --- a/internal/auth/handlers.go +++ b/internal/auth/handlers.go @@ -172,7 +172,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) { var userID, hash string err := h.db.QueryRowContext(r.Context(), ` - SELECT id, password_hash FROM users WHERE email = $1 OR username = $1 + SELECT id, password_hash FROM users WHERE LOWER(email) = LOWER($1) OR LOWER(username) = LOWER($1) `, login).Scan(&userID, &hash) if err != nil { http.Error(w, `{"error":"invalid credentials"}`, http.StatusUnauthorized)