fix(auth): normalize email storage and lookup handling #327

Merged
yash-pouranik merged 2 commits into geturbackend:main from VarshithReddy2006:fix/email-normalization-auth-321
Jun 20, 2026

@VarshithReddy2006 VarshithReddy2006 commented Jun 19, 2026

Contributor

Fixes #321

Summary

This PR normalises email addresses before both storage and lookup across authentication flows.

Changes

  • Normalise email before storing users created via signup.
  • Normalise email before storing users created through social authentication.
  • Normalise social-auth email lookups before account linking.
  • Normalise admin-created user email handling for duplicate checks and storage.

Problem

Authentication flows performed normalised email lookups, while some user creation paths stored raw email values. This could lead to inconsistencies for mixed-case email addresses and make authentication behaviour dependent on how the email was originally stored.

Result

Email storage and lookup now use the same canonical representation (toLowerCase().trim()) across the affected authentication flows, ensuring consistent behaviour and reliable email matching.

Summary by CodeRabbit

  • Bug Fixes
    • Standardized email address formatting across authentication flows by applying lowercase and trimming consistently during user creation, linking, and sign-up.
    • Ensures email-based user lookups match the normalized address, including social login and admin user creation.
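
The mismatch this PR description refers to, reproduced as an added example (not code from the PR or the project): an in-memory store whose lookups are normalized while writes are either raw or normalized. `UserStore`, `normalizeEmail`, `runScenario` and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Canonical form named in the PR: toLowerCase().trim().
// The type guard is an assumption of this example, not something the PR states.
const normalizeEmail = (email) => {
  if (typeof email !== "string") throw new TypeError("email must be a string");
  return email.toLowerCase().trim();
};

// Stand-in for a user collection with exact-match lookups on the email field.
class UserStore {
  constructor({ normalizeOnWrite }) {
    this.users = [];
    this.normalizeOnWrite = normalizeOnWrite;
  }
  create(email, provider) {
    const stored = this.normalizeOnWrite ? normalizeEmail(email) : email;
    const user = { id: this.users.length + 1, email: stored, providers: [provider] };
    this.users.push(user);
    return user;
  }
  // Lookups normalize their input in both scenarios, as described in the PR.
  findByEmail(email) {
    const key = normalizeEmail(email);
    return this.users.find((u) => u.email === key) || null;
  }
  // Social login: link the provider to an existing account, else create one.
  findOrCreateSocial(email, provider) {
    const existing = this.findByEmail(email);
    if (!existing) return this.create(email, provider);
    if (!existing.providers.includes(provider)) existing.providers.push(provider);
    return existing;
  }
}

// Runs the same three steps against a raw-write or a normalized-write store.
function runScenario(normalizeOnWrite) {
  const store = new UserStore({ normalizeOnWrite });
  store.create("Alice@Example.com ", "password"); // constructed mixed-case signup
  const loginHit = store.findByEmail("alice@example.com") !== null;
  store.findOrCreateSocial("ALICE@example.com", "google");
  return {
    loginHit,
    accountCount: store.users.length,
    firstAccountProviders: store.users[0].providers,
  };
}

console.log("raw writes:       ", runScenario(false));
console.log("normalized writes:", runScenario(true));
```

With raw writes the password login misses the stored row and the social login creates a second account for the same mailbox; with normalized writes both flows resolve to one account.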

@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 23dddf2 and 0999cbf.

📒 Files selected for processing (1)
  • apps/public-api/src/controllers/userAuth.controller.js
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/public-api/src/controllers/userAuth.controller.js

Walkthrough

Email normalization (lowercase + trim) is applied consistently at write time across all three user creation flows in userAuth.controller.js: social auth payload building and lookup, email/password signup payload building, and admin user creation (duplicate check, payload build, and response).

Changes

Email Normalization at Write Paths

| Layer / File(s) | Summary |
| --- | --- |
| Social auth payload and lookup normalization (apps/public-api/src/controllers/userAuth.controller.js) | buildSocialAuthUserPayload now stores String(profile.email).toLowerCase().trim() in the user payload. findOrCreateSocialUser derives normalizedEmail from profile.email and uses it for the Model.findOne lookup. |
| Signup payload normalization (apps/public-api/src/controllers/userAuth.controller.js) | buildAuthUserPayload call in the signup flow now passes email: normalizedEmail instead of the original destructured email variable. |
| Admin createAdminUser normalization (apps/public-api/src/controllers/userAuth.controller.js) | Computes normalizedEmail = email.toLowerCase().trim() before the existing-user duplicate check, the buildAuthUserPayload call, and the success response's email field. The response body is also restructured to an envelope format { success, data: { user }, message }. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

level:advanced, mentor:yash-pouranik

Suggested reviewers

  • yash-pouranik
  • Nitin-kumar-yadav1307

Poem

🐇 Hoppity-hop through the login gate,
No more mixed-case causing debate!
Trim and lowercase, neat and right,
Every email stored just tight.
The rabbit's auth flows shine bright! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Out of Scope Changes check | ❓ Inconclusive | The response format change to createAdminUser() endpoint is a scope expansion beyond the core email normalization fix described in issue #321, though it was requested by reviewers for consistency. | Clarify whether the createAdminUser() response format change is an accepted scope addition aligned with project standards or should be addressed separately. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically summarizes the main change: normalizing email storage and lookup handling, which directly addresses the core bug described in the PR. |
| Linked Issues check | ✅ Passed | The PR implements all primary objectives from issue #321: consistent email normalization across signup, social auth, and admin creation flows, and applies the same canonical representation (toLowerCase().trim()) for both database writes and reads. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/public-api/src/controllers/userAuth.controller.js`:
- Around line 1343-1346: The response format in the user creation endpoint does
not conform to the required API response envelope. The current response returns
an object with message and user properties, but it must return an object with
success (boolean), data (containing the user information), and message
properties. Restructure the res.status(201).json() call to wrap the user object
in a data property and add a success property set to true, while keeping the
message property.

📥 Commits

Reviewing files that changed from the base of the PR and between fafceb5 and 23dddf2.

📒 Files selected for processing (1)
  • apps/public-api/src/controllers/userAuth.controller.js

@Nitin-kumar-yadav1307

Collaborator

@VarshithReddy2006 fix the issue reported by coderabbit

@VarshithReddy2006

Contributor Author

Hi @Nitin-kumar-yadav1307,

I reviewed the CodeRabbit comment.

This PR is scoped specifically to Issue #321 (email normalization). The createAdminUser() response contract already existed before this change, and the email-normalization fix does not modify the endpoint response shape.

I intentionally kept the PR limited to normalizing email storage and lookup behavior to avoid introducing unrelated API-contract changes in the same bug fix.

If you'd prefer the response envelope to be standardized for createAdminUser(), I'm happy to address that in a separate PR focused on response-contract consistency.

Thank you.

@yash-pouranik

Member

fix that in this PR only @VarshithReddy2006

@VarshithReddy2006

Contributor Author

Hi @yash-pouranik,

I've updated the createAdminUser() endpoint to use the required response contract:

{
  "success": true,
  "data": {
    "user": {}
  },
  "message": "User created successfully"
}

The email-normalization changes remain unchanged; this update only addresses the requested response-format consistency for this endpoint.

Thank you.

@yash-pouranik yash-pouranik merged commit a2c7b12 into geturbackend:main Jun 20, 2026
8 checks passed
@yash-pouranik yash-pouranik self-assigned this Jun 20, 2026

Development

Successfully merging this pull request may close these issues.

[BUG]: Authentication workflow stores raw email values but performs normalized email lookups
