#Registration doesn't convert emails to lowercase allowing duplicate accounts

I've a Filament Panel configured with ->registration and it seems that it's possible to create duplicate accounts by entering the same email in a different uppercase/lowercase combination.

For example:
[email protected] Works
[email protected] Also Works
[email protected] Also Works

Source code reference: https://github.com/filamentphp/filament/blob/4.x/packages/panels/src/Auth/Pages/Register.php#L184
The getEmailFormComponent does have the ->unique configuration set but that doesn't take effect when the case is changed

There are a few possible ways to resolve this

1. Add an Eloquent mutator to the User model to convert emails to lowercase before creating the record. (In this case the DB unique constraint would catch the duplicate account)
2. Change Filament to Mutate Form Data before saving, This would require an update to Filament or an internal patch modify the registration page

Please let me know if there are any other ways to resolve this that I'm not aware of.

btw, Any changes to Filament would also need to update Login ( https://github.com/filamentphp/filament/blob/4.x/packages/panels/src/Auth/Pages/Login.php ) to convert the emails to lowercase before attempting to login because as of now you can change the case-sensivity and login to other variations of the same account

@gilded quiver are you using Postgres

I am using SQLite

and are you sure that when using SQLite, Laravel starter kits do not behave the same way with case sensitivity?

because we generally aim for filament to have behaviour consistent with the starter kits

https://stackoverflow.com/questions/71605609/login-is-case-sensitive-using-pgsql-and-sqlite

Ok, I just created a new project using the Livewire starter kit with built-in authentication

Seems like their registration page converts the email to lowercase before creating the account

I created a user with the email [email protected] J is capital

if you show me the line where it does that, i will do the same

This is how it appears on the profile page

The starter kit uses Fortify to create users and Fortify lowercases the emails before saving them to the database

Reference: https://github.com/laravel/livewire-starter-kit/blob/main/config/fortify.php#L63

I'd be glad to make this change to Filament if someone can help me with the process

I'm not familiar with the process of contributing to an open source project

This is the line in the starter kit that connects the Forify register action with the auth.register view template included in the starter kit
https://github.com/laravel/livewire-starter-kit/blob/main/app/Providers/FortifyServiceProvider.php#L52

@young pivot Out of curiosity, If the aim is for filament to have behaviour consistent with the starter kits, shouldn't we also use Forify for handling authentication?

Setting a mutator for setting the value prevents the account from being created by throwing Illuminate\Database\UniqueConstraintViolationException

And the ->unique() configuration on the TextInput seems to be the only way uniqueness is validated

Is there a way to configure Validation in such a way that SQL errors bubbles up to the validation?

I don't want to use normal Blade views etc for auth, we have Livewire components that can be changed using Filament principles, which is why we don't need Fortify

But I am happy to copy the behaviour

If you don't want to do a PR thats ok, but please add it to my todo list by creating an issue with a simple reproduction repository (just install a panel with registration)

No actually I'd be glad to do a PR for this because I need to fix the issue for myself anyways

@young pivot How would you suggest I approach fixing this?

1. Convert the email to lowercase using Str::lower in the handleRegistration function before creating the record ( https://github.com/filamentphp/filament/blob/4.x/packages/panels/src/Auth/Pages/Register.php#L126 )
2. Register a mutateFormDataBeforeCreate but I'm not sure if it will work on the Registration page because it inherits from SimplePage
3. Change the state directly on the email TextInput using afterStateUpdated()

probably dehydrateStateUsing() on the email field, but i think we need to consider consequences too for the login process, and its best if you just open an issue so we can discuss it more officially