Preserve message id casing in confirmation tokens

Sources/Mailozaurr.Application/MessageActionConfirmationTokens.cs

@@ -62,8 +62,8 @@ private static string CreateToken(
         var normalizedMessageIds = messageIds
             .Where(id => !string.IsNullOrWhiteSpace(id))
             .Select(id => id.Trim())
-            .Distinct(StringComparer.OrdinalIgnoreCase)
-            .OrderBy(id => id, StringComparer.OrdinalIgnoreCase)
+            .Distinct(StringComparer.Ordinal)
+            .OrderBy(id => id, StringComparer.Ordinal)
             .ToArray();
 
         var payload = string.Join("|", new[] {

Sources/Mailozaurr.Tests/ApplicationMessageActionConfirmationTokensTests.cs

@@ -0,0 +1,40 @@
+using Mailozaurr.Application;
+using Xunit;
+
+namespace Mailozaurr.Tests;
+
+public class ApplicationMessageActionConfirmationTokensTests {
+    [Fact]
+    public void CreateDeleteTokenPreservesMessageIdCasing() {
+        var lowerToken = MessageActionConfirmationTokens.CreateDeleteToken(
+            "work-imap",
+            "shared@example.com",
+            "Inbox",
+            new[] { "abc123" });
+
+        var upperToken = MessageActionConfirmationTokens.CreateDeleteToken(
+            "work-imap",
+            "shared@example.com",
+            "Inbox",
+            new[] { "ABC123" });
+
+        Assert.NotEqual(lowerToken, upperToken);
+    }
+
+    [Fact]
+    public void CreateDeleteTokenIgnoresMessageIdOrdering() {
+        var firstToken = MessageActionConfirmationTokens.CreateDeleteToken(
+            "work-imap",
+            "shared@example.com",
+            "Inbox",
+            new[] { "msg-b", "msg-a" });
+
+        var secondToken = MessageActionConfirmationTokens.CreateDeleteToken(
+            "work-imap",
+            "shared@example.com",
+            "Inbox",
+            new[] { "msg-a", "msg-b" });
+
+        Assert.Equal(firstToken, secondToken);
+    }
+}