commitglobal
diff --git a/‎api/src/Feature.Auth/ForgotPassword/Endpoint.cs‎
Lines changed: 1 addition & 1 deletion b/‎api/src/Feature.Auth/ForgotPassword/Endpoint.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/src/Feature.Auth/ResetPassword/Endpoint.cs‎
Lines changed: 1 addition & 1 deletion b/‎api/src/Feature.Auth/ResetPassword/Endpoint.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/src/Feature.Auth/Services/TokenService.cs‎
Lines changed: 1 addition & 1 deletion b/‎api/src/Feature.Auth/Services/TokenService.cs‎
Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ public override void Configure()
 
     public override async Task<Results<Ok, ProblemHttpResult>> ExecuteAsync(Request request, CancellationToken ct)
     {
-        var user = await userManager.FindByEmailAsync(request.Email.Normalize());
+        var user = await userManager.FindByEmailAsync(request.Email.Normalize().Trim());
         if (user is null || !await userManager.IsEmailConfirmedAsync(user))
         {
             logger.LogWarning("Possible user enumeration. Unknown email received {email}", request.Email);
 
@@ -15,7 +15,7 @@ public override void Configure()
 
     public override async Task<Results<Ok, ProblemHttpResult>> ExecuteAsync(Request request, CancellationToken ct)
     {
-        var user = await userManager.FindByEmailAsync(request.Email.Normalize());
+        var user = await userManager.FindByEmailAsync(request.Email.Normalize().Trim());
 
         // Don't reveal that the user does not exist
         if (user is null)
 
@@ -25,7 +25,7 @@ internal class TokenService(UserManager<ApplicationUser> userManager,
     public async Task<Results<Ok<TokenResponse>, ValidationProblem>> GetTokenAsync(string email, string password, CancellationToken cancellationToken)
     {
         var validationCtx = ValidationContext.Instance;
-        if (await userManager.FindByEmailAsync(email.Trim().Normalize()) is not { }
+        if (await userManager.FindByEmailAsync(email.Trim().Normalize().Trim()) is not { }
                 user
             || !await userManager.CheckPasswordAsync(user, password))
         {
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public override void Configure()`
`26`	`26`
`27`	`27`	`public override async Task<Results<Ok, ProblemHttpResult>> ExecuteAsync(Request request, CancellationToken ct)`
`28`	`28`	`{`
`29`		`- var user = await userManager.FindByEmailAsync(request.Email.Normalize());`
	`29`	`+ var user = await userManager.FindByEmailAsync(request.Email.Normalize().Trim());`
`30`	`30`	`if (user is null \|\| !await userManager.IsEmailConfirmedAsync(user))`
`31`	`31`	`{`
`32`	`32`	`logger.LogWarning("Possible user enumeration. Unknown email received {email}", request.Email);`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public override void Configure()`
`15`	`15`
`16`	`16`	`public override async Task<Results<Ok, ProblemHttpResult>> ExecuteAsync(Request request, CancellationToken ct)`
`17`	`17`	`{`
`18`		`- var user = await userManager.FindByEmailAsync(request.Email.Normalize());`
	`18`	`+ var user = await userManager.FindByEmailAsync(request.Email.Normalize().Trim());`
`19`	`19`
`20`	`20`	`// Don't reveal that the user does not exist`
`21`	`21`	`if (user is null)`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ internal class TokenService(UserManager<ApplicationUser> userManager,`
`25`	`25`	`public async Task<Results<Ok<TokenResponse>, ValidationProblem>> GetTokenAsync(string email, string password, CancellationToken cancellationToken)`
`26`	`26`	`{`
`27`	`27`	`var validationCtx = ValidationContext.Instance;`
`28`		`- if (await userManager.FindByEmailAsync(email.Trim().Normalize()) is not { }`
	`28`	`+ if (await userManager.FindByEmailAsync(email.Trim().Normalize().Trim()) is not { }`
`29`	`29`	`user`
`30`	`30`	`\|\| !await userManager.CheckPasswordAsync(user, password))`
`31`	`31`	`{`