in password reset, also try lowercasing the email to see if that matches
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 1d11394..d74f484 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -223,6 +223,11 @@
redirect('/')
user_record = M.User.by_email_address(email, only_confirmed=False)
+ if not user_record and email != email.lower():
+ # try again lowercase
+ email = email.lower()
+ user_record = M.User.by_email_address(email, only_confirmed=False)
+
allow_non_primary_email_reset = asbool(config.get('auth.allow_non_primary_email_password_reset', True))
if not re.match(r"[^@]+@[^@]+\.[^@]+", email):
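Review bot: The retry at `if not user_record and email != email.lower():` only helps when the stored address is entirely lowercase; an address stored with mixed case and entered in lowercase still finds no record, so the lookup stays case-sensitive in one direction. A case-insensitive match inside `by_email_address`, or normalising addresses when they are claimed, would cover both directions, though neither is visible in this hunk. The retry also rebinds `email` to the lowercased value for the rest of the function, which continues past the hunk. Because `str.lower()` applies Unicode case mapping, the reset mail should keep going to the address held on the matched record, never to a value derived from the submitted string. I would extend the comment to record that, e.g. `# retry lowercase; later code must mail the stored address, not the submitted one`.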
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index b75eb91..10dbd38 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1764,6 +1764,25 @@
r = r.follow().follow()
assert 'Log Out' in r, r
+
+ @patch('allura.tasks.mail_tasks.sendsimplemail')
+ @patch('allura.lib.helpers.gen_message_id')
+ def test_capitalized_email_entered(self, gen_message_id, sendmail):
+ self.app.get('/').follow() # establish session
+ user = M.User.query.get(username='test-admin')
+ email = M.EmailAddress.find({'claimed_by_user_id': user._id}).first()
+ email.confirmed = True
+ ThreadLocalODMSession.flush_all()
+
+ # request a reset
+ with td.audits('Password recovery link sent to: ' + email.email, user=True):
+ r = self.app.post('/auth/password_recovery_hash', {'email': email.email.capitalize(), # NOTE THIS
+ '_session_id': self.app.cookies['_session_id'],
+ })
+ # confirm it worked
+ hash = user.get_tool_data('AuthPasswordReset', 'hash')
+ assert hash is not None
+
@patch('allura.tasks.mail_tasks.sendsimplemail')
@patch('allura.lib.helpers.gen_message_id')
def test_hash_expired(self, gen_message_id, sendmail):
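Review bot: `test_capitalized_email_entered` never checks where the reset mail goes: `sendmail` is patched but not asserted on, so the test passes as soon as a hash is stored. The behaviour under test is matching a differently-cased input to a stored address, so it is worth asserting that the mocked `sendmail` received `email.email` as the recipient rather than the capitalized input. The `td.audits(...)` check already pins the stored address for the audit log only. Smaller points: `r` is assigned and never used, and the local `hash` shadows the builtin; `reset_hash = user.get_tool_data('AuthPasswordReset', 'hash')` reads better.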