feat: normalize email handling in signup, login, and verification processes; refactor event handling in task and reward components

backend/api/auth_api.py

@@ -14,6 +14,7 @@ from api.error_codes import MISSING_FIELDS, EMAIL_EXISTS, MISSING_TOKEN, INVALID
     TOKEN_EXPIRED, ALREADY_VERIFIED, MISSING_EMAIL, USER_NOT_FOUND, MISSING_EMAIL_OR_PASSWORD, INVALID_CREDENTIALS, \
     NOT_VERIFIED
 from db.db import users_db
+from api.utils import normalize_email
 
 logger = logging.getLogger(__name__)
 auth_api = Blueprint('auth_api', __name__)
@@ -34,8 +35,10 @@ def signup():
     required_fields = ['first_name', 'last_name', 'email', 'password']
     if not all(field in data for field in required_fields):
         return jsonify({'error': 'Missing required fields', 'code': MISSING_FIELDS}), 400
+    email = data.get('email', '')
+    norm_email = normalize_email(email)    
 
-    if users_db.search(UserQuery.email == data['email']):
+    if users_db.search(UserQuery.email == norm_email):
         return jsonify({'error': 'Email already exists', 'code': EMAIL_EXISTS}), 400
 
     token = secrets.token_urlsafe(32)
@@ -43,7 +46,7 @@ def signup():
     user = User(
         first_name=data['first_name'],
         last_name=data['last_name'],
-        email=data['email'],
+        email=norm_email,
         password=data['password'],  # Hash in production!
         verified=False,
         verify_token=token,
@@ -51,7 +54,7 @@ def signup():
         image_id="boy01"
     )
     users_db.insert(user.to_dict())
-    send_verification_email(data['email'], token)
+    send_verification_email(norm_email, token)
     return jsonify({'message': 'User created, verification email sent'}), 201
 
 @auth_api.route('/verify', methods=['GET'])
@@ -105,11 +108,12 @@ def verify():
 @auth_api.route('/resend-verify', methods=['POST'])
 def resend_verify():
     data = request.get_json()
-    email = data.get('email')
+    email = data.get('email', '')
     if not email:
         return jsonify({'error': 'Missing email', 'code': MISSING_EMAIL}), 400
+    norm_email = normalize_email(email)    
 
-    user_dict = users_db.get(UserQuery.email == email)
+    user_dict = users_db.get(UserQuery.email == norm_email)
     user = User.from_dict(user_dict) if user_dict else None
     if not user:
         return jsonify({'error': 'User not found', 'code': USER_NOT_FOUND}), 404
@@ -121,19 +125,20 @@ def resend_verify():
     now_iso = datetime.utcnow().isoformat()
     user.verify_token = token
     user.verify_token_created = now_iso
-    users_db.update(user.to_dict(), UserQuery.email == email)
-    send_verification_email(email, token)
+    users_db.update(user.to_dict(), UserQuery.email == norm_email)
+    send_verification_email(norm_email, token)
     return jsonify({'message': 'Verification email resent'}), 200
 
 @auth_api.route('/login', methods=['POST'])
 def login():
     data = request.get_json()
-    email = data.get('email')
+    email = data.get('email', '')
     password = data.get('password')
     if not email or not password:
         return jsonify({'error': 'Missing email or password', 'code': MISSING_EMAIL_OR_PASSWORD}), 400
+    norm_email = normalize_email(email)
 
-    user_dict = users_db.get(UserQuery.email == email)
+    user_dict = users_db.get(UserQuery.email == norm_email)
     user = User.from_dict(user_dict) if user_dict else None
     if not user or user.password != password:
         return jsonify({'error': 'Invalid credentials', 'code': INVALID_CREDENTIALS}), 401
@@ -142,7 +147,7 @@ def login():
         return jsonify({'error': 'This account has not verified', 'code': NOT_VERIFIED}), 403
 
     payload = {
-        'email': email,
+        'email': norm_email,
         'exp': datetime.utcnow() + timedelta(hours=24*7)
     }
     token = jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
@@ -179,21 +184,23 @@ def me():
 @auth_api.route('/request-password-reset', methods=['POST'])
 def request_password_reset():
     data = request.get_json()
-    email = data.get('email')
+    email = data.get('email', '')
+    norm_email = normalize_email(email)
+
     success_msg = 'If this email is registered, you will receive a password reset link shortly.'
 
     if not email:
         return jsonify({'error': 'Missing email', 'code': MISSING_EMAIL}), 400
 
-    user_dict = users_db.get(UserQuery.email == email)
+    user_dict = users_db.get(UserQuery.email == norm_email)
     user = User.from_dict(user_dict) if user_dict else None
     if user:
         token = secrets.token_urlsafe(32)
         now_iso = datetime.utcnow().isoformat()
         user.reset_token = token
         user.reset_token_created = now_iso
-        users_db.update(user.to_dict(), UserQuery.email == email)
-        send_reset_password_email(email, token)
+        users_db.update(user.to_dict(), UserQuery.email == norm_email)
+        send_reset_password_email(norm_email, token)
 
     return jsonify({'message': success_msg}), 200