Case-Sensitive Email Mismatch Blocks Document Access

[virgile-dev]

Bug Report

Problematic behavior
When an email address with a different case (e.g., uppercase/lowercase) is used to share a document compared to the one registered for the account, the following occurs:

• The recipient receives the notification email correctly.
• Clicking the access button in the email redirects to a page stating they don’t have permission to view the document.
• On the admin side, the invitation remains in a "pending" state, as if the recipient never accepted it.

Example:

• Account email: user@example.fr
• Shared to: USER@EXAMPLE.FR (case mismatch)
  → Notification received, but access denied + invitation stuck in "pending."

Expected behavior/code
The system should normalize email case sensitivity during invitation validation. Expected:

• Case-insensitive matching for email addresses (e.g., USER@example.fr and user@example.fr treated as identical).
• Successful document access upon clicking the notification link.
• Admin panel showing the invitation as "accepted."

Steps to Reproduce

1. Create a Docs account with email user@example.org.
2. Share a document to USER@EXAMPLE.FR (case mismatch).
3. Recipient clicks the access button in the notification email.
4. Observe: "No access" error + admin panel shows invitation as pending.

Environment

• Docs version: 3.7.0
• Instance URL: docs.numerique.gouv.fr

Possible Solution

• Normalize email addresses (convert to lowercase) before comparing them in the invitation logic.
• Update the validation step to ignore case differences during token/permission checks.

Additional context/Screenshots

[lunika]

Managed in #1457