[1.x] Support case insensitive password resets (#562)

mattmcdev · web-flow · commit 958042c2cf16 · 2024-08-09T07:05:23.000-05:00
diff --git a/src/Http/Controllers/PasswordResetLinkController.php b/src/Http/Controllers/PasswordResetLinkController.php
@@ -7,6 +7,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Str;
 use Laravel\Fortify\Contracts\FailedPasswordResetLinkRequestResponse;
 use Laravel\Fortify\Contracts\RequestPasswordResetLinkViewResponse;
 use Laravel\Fortify\Contracts\SuccessfulPasswordResetLinkRequestResponse;
@@ -35,6 +36,12 @@ public function store(Request $request): Responsable
     {
         $request->validate([Fortify::email() => 'required|email']);
 
+        if (config('fortify.lowercase_usernames')) {
+            $request->merge([
+                Fortify::email() => Str::lower($request->{Fortify::email()}),
+            ]);
+        }
+
         // We will send the password reset link to this user. Once we have attempted
         // to send the link, we will examine the response then see the message we
         // need to show to the user. Finally, we'll send out a proper response.
diff --git a/tests/PasswordResetLinkRequestControllerTest.php b/tests/PasswordResetLinkRequestControllerTest.php
@@ -79,4 +79,20 @@ public function test_reset_link_can_be_successfully_requested_with_customized_em
         $response->assertSessionHasNoErrors();
         $response->assertSessionHas('status', trans(Password::RESET_LINK_SENT));
     }
+
+    public function test_case_insensitive_usernames_can_be_used()
+    {
+        Config::set('fortify.lowercase_usernames', true);
+        Password::shouldReceive('broker')->andReturn($broker = Mockery::mock(PasswordBroker::class));
+
+        $broker->shouldReceive('sendResetLink')->andReturn(Password::RESET_LINK_SENT);
+
+        $response = $this->from(url('/forgot-password'))
+            ->post('/forgot-password', ['email' => 'TAYLOR@laravel.com']);
+
+        $response->assertStatus(302);
+        $response->assertRedirect('/forgot-password');
+        $response->assertSessionHasNoErrors();
+        $response->assertSessionHas('status', trans(Password::RESET_LINK_SENT));
+    }
 }
