Skip to content

Lowercase usernames configuration ignored when resetting passwords #661

New issue
New issue
Open
#664
Open
Lowercase usernames configuration ignored when resetting passwords#661
#664
@martinbean

Description

@martinbean
martinbean
opened on Mar 17, 2026

Fortify Version

1.36.1

Laravel Version

12.54.1

PHP Version

8.5.3

Database Driver & Version

No response

Description

I found a PR (#562) that takes into account the lowercase_usernames configuration when requesting a password reset link, but the configuration is not taken into account when actually trying to reset the password.

It seems the NewPasswordController class needs updating to respect the lowercase_usernames configuration before validating the email address:

fortify/src/Http/Controllers/NewPasswordController.php

Lines 57 to 61 in a50c004

$request->validate([
'token' => 'required',
Fortify::email() => 'required|email',
'password' => 'required',
]);

Will create a PR later today unless someone else beats me to it.

Steps To Reproduce

  1. Generate a reset link for a user with an email, i.e. john.doe@example.com
  2. Follow reset link to go to reset password page
  3. Enter email with different casing, i.e. John.Doe@example.com
  4. Receive error message saying "We can't find a user with that email address."

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions