firebase · joehan · Mar 21, 2025 · Mar 21, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1 +1,2 @@
 - Fix bug where functions:artifacts:setpolicy command's --none option didn't work as expected (#8330)
+- Fix bug in Auth emulator where accounts:lookup is case-sensitive for emails (#8344)
diff --git a/src/emulator/auth/misc.spec.ts b/src/emulator/auth/misc.spec.ts
@@ -32,15 +32,15 @@
      .query({ key: "fake-api-key" })
      .then((res) => {
        expectStatusCode(200, res);
        expect(res.body.id_token).to.be.a("string");
        expect(res.body.access_token).to.equal(res.body.id_token);
        expect(res.body.refresh_token).to.be.a("string");
        expect(res.body.expires_in)
          .to.be.a("string")
          .matches(/[0-9]+/);
        expect(res.body.project_id).to.equal("12345");
        expect(res.body.token_type).to.equal("Bearer");
        expect(res.body.user_id).to.equal(localId);
      });
  });

@@ -63,8 +63,8 @@
      .query({ key: "fake-api-key" })
      .then((res) => {
        expectStatusCode(200, res);
        expect(res.body.id_token).to.be.a("string");
        expect(res.body.access_token).to.equal(res.body.id_token);
        expect(res.body.refresh_token).to.be.a("string");
        expect(res.body.expires_in)
          .to.be.a("string")
@@ -339,6 +339,54 @@
 });
 
 describeAuthEmulator("accounts:lookup", ({ authApi }) => {
+  it("should return user by email when privileged", async () => {
+    const { email } = await registerUser(authApi(), {
+      email: "bob@example.com",
+      password: "password",
+    });
+
+    await authApi()
+      .post(`/identitytoolkit.googleapis.com/v1/projects/${PROJECT_ID}/accounts:lookup`)
+      .set("Authorization", "Bearer owner")
+      .send({ email: [email] })
+      .then((res) => {
+        expectStatusCode(200, res);
+        expect(res.body.users).to.have.length(1);
+        expect(res.body.users[0].email).to.equal(email);
+      });
+  });
+
+  it("should return user by email even when uppercased", async () => {
+    const { email } = await registerUser(authApi(), {
+      email: "foo@example.com",
+      password: "password",
+    });
+    const caplitalizedEmail = email.toUpperCase();
+
+    await authApi()
+      .post(`/identitytoolkit.googleapis.com/v1/projects/${PROJECT_ID}/accounts:lookup`)
+      .set("Authorization", "Bearer owner")
+      .send({ email: [caplitalizedEmail] })
+      .then((res) => {
+        console.log(res.body.users);
+        expectStatusCode(200, res);
+        expect(res.body.users).to.have.length(1);
+        expect(res.body.users[0].email).to.equal(email);
+      });
+  });
+
+  it("should return empty result when email is not found", async () => {
+    await authApi()
+      .post(`/identitytoolkit.googleapis.com/v1/projects/${PROJECT_ID}/accounts:lookup`)
+      .set("Authorization", "Bearer owner")
+      .send({ email: ["non-existent-email@example.com"] })
+      .then((res) => {
+        console.log(res.body.users);
+        expectStatusCode(200, res);
+        expect(res.body).not.to.have.property("users");
+      });
+  });
+
   it("should return user by localId when privileged", async () => {
     const { localId } = await registerAnonUser(authApi());
 

diff --git a/src/emulator/auth/operations.ts b/src/emulator/auth/operations.ts
@@ -300,7 +300,8 @@ function lookup(
       tryAddUser(state.getUserByLocalId(localId));
     }
     for (const email of reqBody.email ?? []) {
-      tryAddUser(state.getUserByEmail(email));
+      const canonicalizedEmail = canonicalizeEmailAddress(email);
+      tryAddUser(state.getUserByEmail(canonicalizedEmail));
     }
     for (const phoneNumber of reqBody.phoneNumber ?? []) {
       tryAddUser(state.getUserByPhoneNumber(phoneNumber));
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		- Fix bug where functions:artifacts:setpolicy command's --none option didn't work as expected (#8330)
		- Fix bug in Auth emulator where accounts:lookup is case-sensitive for emails (#8344)