On 2009-8-16 02:14, Maurits van Rees wrote:
Plip 9214, support logins using e-mail address instead of user id, is
ready for review.
Can you explain why using email addresses as login is a configuration
option in site_properties instead of on a PAS plugin? All authentication
configuration is on PAS plugins, so I would expect this to be there as well.
If you use the email address as login than user.getUserName() must also
return the email address, so the changes in PasswordResetTool should not
be needed. Looking at the notes this PLIP is creating a situation where
a user logs in with something that is not the users login name, which is
a pretty big deviation from standard behaviour, and I am not sure if
that is desirable. I think 'Offer migration of current login names to
email addresses' item from the further-ideas list should be mandatory.
Looking at your further ideas: email addresses are defined to be case
sensitive in their local-part (not in the domain name), so lowercasing
will technically violate standards. In reality I don't think any MTA is
case sensitive (as witnessed by the fact that postmas...@domain works
everywhere while the RFC defines postmas...@domain) so this might still
be a good thing to do from a user experience perspective. It does
deserve a clear warning in the documentation.
Wichert Akkerman <wich...@wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Framework-Team mailing list