From 1507f59bc4937a4b60641c11406e77b3d76d5948 Mon Sep 17 00:00:00 2001
From: ChinoKou <ChinoKou@outlook.com>
Date: Mon, 30 Mar 2026 22:55:32 +0800
Subject: [PATCH] fix: ensure email is lowercase and unavailable check is
 performed upon user creation

---
 backend/internal/user.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/backend/internal/user.js b/backend/internal/user.js
index d13931d54a..a69f4f7c14 100644
--- a/backend/internal/user.js
+++ b/backend/internal/user.js
@@ -27,6 +27,14 @@ const internalUser = {
 		const auth = data.auth || null;
 		delete data.auth;
 
+		data.email = data.email.toLowerCase().trim();
+		const emailAvailable = await internalUser.isEmailAvailable(data.email, undefined);
+		if (!emailAvailable) {
+			throw new errs.ValidationError(
+				`Email address already in use - ${data.email}`,
+			);
+		}
+
 		data.avatar = data.avatar || "";
 		data.roles = data.roles || [];