Fix: duplicate check normalization must match registration logic

cursoragent · cursoragent · commit efee4f55d53b · 2026-01-30T16:00:12.000Z
The duplicate user check in superRefine now extracts digits only (using /\D/g) to match the registration normalization, preventing users from bypassing the duplicate check with formatted phone numbers like 555-123-4567.
diff --git a/app/routes/_app+/_auth+/signup.tsx b/app/routes/_app+/_auth+/signup.tsx
@@ -44,7 +44,8 @@ export async function action({ request }: ActionFunctionArgs) {
 
 		const submission = await parseWithZod(formData, {
 			schema: SignupSchema.superRefine(async (data, ctx) => {
-				const fullPhoneNumber = `${data.countryCode}${data.phoneNumber}`.replace(
+				const digitsOnly = data.phoneNumber.replace(/\D/g, '')
+				const fullPhoneNumber = `${data.countryCode}${digitsOnly}`.replace(
 					/\s+/g,
 					'',
 				)

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,8 @@ export async function action({ request }: ActionFunctionArgs) {`
`44`	`44`
`45`	`45`	`const submission = await parseWithZod(formData, {`
`46`	`46`	`schema: SignupSchema.superRefine(async (data, ctx) => {`
`47`		- const fullPhoneNumber = `${data.countryCode}${data.phoneNumber}`.replace(
	`47`	`+ const digitsOnly = data.phoneNumber.replace(/\D/g, '')`
	`48`	+ const fullPhoneNumber = `${data.countryCode}${digitsOnly}`.replace(
`48`	`49`	`/\s+/g,`
`49`	`50`	`'',`
`50`	`51`	`)`