In one project at work we implemented a
passwordless login where you enter your email and then prove that you own this email-account by clicking on the link we sent you.
When I tried to log in with my (mistakenly uppercased) email-adress
Erdii@werise.de I got an email, but this was not my account… It was empty.
Then it struck me. I used the entered email as a case-sensitive identifier to the account and obviously
"Erdii@werise.de" !== "email@example.com"
Moral of the story: always lowercase emails BEFORE comparing (or even writing) to the database, or the user has to remember the casing they used when creating their account in the first time