fix: case-insensitive login for username and email
This commit is contained in:
@@ -172,7 +172,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
|
|||||||
|
|
||||||
var userID, hash string
|
var userID, hash string
|
||||||
err := h.db.QueryRowContext(r.Context(), `
|
err := h.db.QueryRowContext(r.Context(), `
|
||||||
SELECT id, password_hash FROM users WHERE email = $1 OR username = $1
|
SELECT id, password_hash FROM users WHERE LOWER(email) = LOWER($1) OR LOWER(username) = LOWER($1)
|
||||||
`, login).Scan(&userID, &hash)
|
`, login).Scan(&userID, &hash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, `{"error":"invalid credentials"}`, http.StatusUnauthorized)
|
http.Error(w, `{"error":"invalid credentials"}`, http.StatusUnauthorized)
|
||||||
|
|||||||
Reference in New Issue
Block a user