auth-form-validation-fix
rg "auth-form|ValidationError|password" src/modules/auth src/shared/errors
The legacy validator trims email in one branch but passes raw password values through another path, which explains the inconsistent failures.
src/modules/auth/validators/auth-form.validator.ts+3
src/modules/auth/schemas/auth.schema.ts+4-1
I'm replacing the legacy validator with a schema-based auth form validator so malformed email/password payloads stop before the service layer.
src/modules/auth/controllers/auth.controller.ts+3-2
src/modules/auth/utils/normalize-auth-input.ts+3
The helper normalizes email casing before validation and keeps password handling untouched so auth rules stay explicit.
The controller still needs structured field-level errors. I'm mapping validation failures back to email and password fields now.
src/shared/errors/validation.error.ts+1
Field-level errors now preserve the same response envelope while adding a stable path for each invalid input.
pnpm test src/modules/auth/tests/auth-form.validator.spec.ts
The validator specs are running against empty email, invalid email, short password, and mixed-case email normalization.