🐛(backend) filter invitation with case insensitive email

A user can be invited and no control is made on the email case. Then,
when a new user is created, we are looking if there are pending
invitation and the lookup used is case sensitive. We change it using
__iexact which is case insensitive.

Author: lunika

CHANGELOG.md

@@ -43,6 +43,7 @@ and this project adheres to
 - 🐛(frontend) fix attachment download filename #1447
 - 🐛(frontend) exclude h4-h6 headings from table of contents #1441
 - 🔒(frontend) prevent readers from changing callout emoji #1449
+- 🐛(backend) filter invitation with case insensitive email
 
 ## [3.7.0] - 2025-09-12
 

src/backend/core/models.py

@@ -221,7 +221,7 @@ def _convert_valid_invitations(self):
         Expired invitations are ignored.
         """
         valid_invitations = Invitation.objects.filter(
-            email=self.email,
+            email__iexact=self.email,
             created_at__gte=(
                 timezone.now()
                 - timedelta(seconds=settings.INVITATION_VALIDITY_DURATION)

src/backend/core/tests/test_models_users.py

@@ -8,7 +8,7 @@
 
 import pytest
 
-from core import factories
+from core import factories, models
 
 pytestmark = pytest.mark.django_db
 
@@ -66,3 +66,33 @@ def test_models_users_sub_validator(sub, is_valid):
             match=("Enter a valid sub. This value should be ASCII only."),
         ):
             user.full_clean()
+
+
+def test_modes_users_convert_valid_invitations():
+    """
+    The "convert_valid_invitations" method should convert valid invitations to document accesses.
+    """
+    email = "[email protected]"
+    document = factories.DocumentFactory()
+    other_document = factories.DocumentFactory()
+    invitation_document = factories.InvitationFactory(email=email, document=document)
+    invitation_other_document = factories.InvitationFactory(
+        email="[email protected]", document=other_document
+    )
+    other_email_invitation = factories.InvitationFactory(
+        email="[email protected]", document=document
+    )
+
+    assert document.accesses.count() == 0
+    assert other_document.accesses.count() == 0
+
+    user = factories.UserFactory(email=email)
+
+    assert document.accesses.filter(user=user).count() == 1
+    assert other_document.accesses.filter(user=user).count() == 1
+
+    assert not models.Invitation.objects.filter(id=invitation_document.id).exists()
+    assert not models.Invitation.objects.filter(
+        id=invitation_other_document.id
+    ).exists()
+    assert models.Invitation.objects.filter(id=other_email_invitation.id).exists()