On 2009-8-16 02:14, Maurits van Rees wrote:
Hi all,

Plip 9214, support logins using e-mail address instead of user id, is
ready for review.


Accompanying notes:

Can you explain why using email addresses as login is a configuration option in site_properties instead of on a PAS plugin? All authentication configuration is on PAS plugins, so I would expect this to be there as well.

If you use the email address as login than user.getUserName() must also return the email address, so the changes in PasswordResetTool should not be needed. Looking at the notes this PLIP is creating a situation where a user logs in with something that is not the users login name, which is a pretty big deviation from standard behaviour, and I am not sure if that is desirable. I think 'Offer migration of current login names to email addresses' item from the further-ideas list should be mandatory.

Looking at your further ideas: email addresses are defined to be case sensitive in their local-part (not in the domain name), so lowercasing will technically violate standards. In reality I don't think any MTA is case sensitive (as witnessed by the fact that postmas...@domain works everywhere while the RFC defines postmas...@domain) so this might still be a good thing to do from a user experience perspective. It does deserve a clear warning in the documentation.


Wichert Akkerman <wich...@wiggy.net>   It is simple to make things.
http://www.wiggy.net/                  It is hard to make things simple.

Framework-Team mailing list

Reply via email to