reset password entered email in laravel 5.2 is case sensitive, make it insensitive

Question

I am working on laravel5.2 project, i am using laravel's default auth module, which also provides us the reset password functionality.

I am facing issue in case if user is registered with

abcd@gmail.com

and if user enter email to reset password is

Abcd@gmail.com

In case of this it throws error account with this email doesn't exists.

As we can see both emails are same but just because of capitalization for first letter in second email it is throwing error.

How to make this functionality case insensitive?

you can use strtolower() function on password data, before it search in database — Odin Thunder, May 11 '17 at 09:36
@OdinThunder Yes i know, but i am not getting the file / function where it searches for the email existence. — Pankaj Sharma, May 11 '17 at 09:41

score 3 · Answer 1 · answered Nov 06 '17 at 11:24

Add this function in ForgotPasswordController.php to override the default functionality.

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Password;

    public function sendResetLinkEmail(Request $request)
    {
        $this->validateEmail($request);

        $data['email'] = strtolower($request->email);
        $response = $this->broker()->sendResetLink($data);

        return $response == Password::RESET_LINK_SENT
                ? $this->sendResetLinkResponse($response)
                : $this->sendResetLinkFailedResponse($request, $response);
    }

score 0 · Answer 2 · answered May 12 '17 at 07:19

Path of the file where searching email is Illuminate\Foundation\Auth\ResetsPasswords. But you don't want to edit this file. This file contain a php trait that use in PasswordController class. So you can change the functionality of the trait methods by overriding it.

postEmail is the methods to be overwritten that find the user with given email and send reset link. Find the user by email case insensitively using ilike. Then overwrite request email variable by exact user email.

Following is to be the code in your PasswordController class (App\Http\Controllers\Auth\PasswordController)

public function postEmail(Request $request) {

    $this->validate($request, ['email' => 'required|email']);

    //Find the user by email case insensitively using ilike
    $user = User::where('email', 'ilike', $request->email)->first();

    // Overwrite request email variable by exact user email
    $request->email = $user->email;

    $response = Password::sendResetLink($request->only('email'), function (Message $message) {
                $message->subject($this->getEmailSubject());
            });

    switch ($response) {
        case Password::RESET_LINK_SENT:
            return redirect()->back()->with('status', trans($response));
        case Password::INVALID_USER:
            return redirect()->back()->withErrors(['email' => trans($response)]);
    }
}

score 0 · Answer 3 · answered Dec 04 '18 at 19:03

It all comes down to Collation.

I also ran in to this problem recently on an older site using Laravel 5.2. It turns out that changing the collation of the email column in the database from utf8mb4_bin to utf8mb4_unicode_ci solved it.

Apparently, the MySQL adapter does use LIKE when making the query, but that only returns the case-insensitive result if the column collation is allowing it to. Mine wasn't.

There is more discussion on the topic of MySQL collation and case sensitivity on this Stack Overflow question: MySQL case insensitive select as well as in the official MySQL documentation.

score 0 · Answer 4 · answered Aug 20 '21 at 16:28

In case you have stored your emails lowercased in the database, just redefine the credentials function in ForgotPasswordController.php:

protected function credentials(\Illuminate\Http\Request $request)
{
    $data = $request->only('email');
    $data['email'] = mb_strtolower($data['email']);
    return $data;
}

reset password entered email in laravel 5.2 is case sensitive, make it insensitive

4 Answers4