🐛(backend) filter invitation with case insensitive email

A user can be invited and no control is made on the email case. Then, when a new user is created, we are looking if there are pending invitation and the lookup used is case sensitive. We change it using __iexact which is case insensitive.
2025-10-07 11:41:45 +02:00
parent b3980e7bf1
commit 590b67fd71
3 changed files with 33 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ and this project adheres to
 - 🐛(frontend) fix attachment download filename #1447
 - 🐛(frontend) exclude h4-h6 headings from table of contents #1441
 - 🔒(frontend) prevent readers from changing callout emoji #1449
+- 🐛(backend) filter invitation with case insensitive email

 ## [3.7.0] - 2025-09-12

--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@@ -221,7 +221,7 @@ class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin):
        Expired invitations are ignored.
        """
        valid_invitations = Invitation.objects.filter(
-            email=self.email,
+            email__iexact=self.email,
            created_at__gte=(
                timezone.now()
                - timedelta(seconds=settings.INVITATION_VALIDITY_DURATION)
--- a/src/backend/core/tests/test_models_users.py
+++ b/src/backend/core/tests/test_models_users.py
@@ -8,7 +8,7 @@ from django.core.exceptions import ValidationError

 import pytest

-from core import factories
+from core import factories, models

 pytestmark = pytest.mark.django_db

@@ -66,3 +66,33 @@ def test_models_users_sub_validator(sub, is_valid):
            match=("Enter a valid sub. This value should be ASCII only."),
        ):
            user.full_clean()
+
+
+def test_modes_users_convert_valid_invitations():
+    """
+    The "convert_valid_invitations" method should convert valid invitations to document accesses.
+    """
+    email = "test@example.com"
+    document = factories.DocumentFactory()
+    other_document = factories.DocumentFactory()
+    invitation_document = factories.InvitationFactory(email=email, document=document)
+    invitation_other_document = factories.InvitationFactory(
+        email="Test@example.coM", document=other_document
+    )
+    other_email_invitation = factories.InvitationFactory(
+        email="pre_test@example.com", document=document
+    )
+
+    assert document.accesses.count() == 0
+    assert other_document.accesses.count() == 0
+
+    user = factories.UserFactory(email=email)
+
+    assert document.accesses.filter(user=user).count() == 1
+    assert other_document.accesses.filter(user=user).count() == 1
+
+    assert not models.Invitation.objects.filter(id=invitation_document.id).exists()
+    assert not models.Invitation.objects.filter(
+        id=invitation_other_document.id
+    ).exists()
+    assert models.Invitation.objects.filter(id=other_email_invitation.id).exists()