Re: [mezzanine-users] Case insensitive username login

2017-11-05 Thread Chris Hawes
There are two problems I see with doing this for email addresses.

1) Email addresses could be case sensitive -- not the domain, but the 
host-specific part (though I doubt many hosts actually allow this in 
practice). CHRIS@server could be a different user than chris@server.

2) Mezzanine does not enforce case-insensitive email addresses, unlike 
usernames (see `mezzanine.accounts.forms.ProfileForm.clean_email()`). It is 
possible that existing installations could have users with email addresses 
that differ only by case. Perhaps somebody sneaky posing as multiple users. 
This would have to be a setting so that an admin could look at their 
particular case and see whether it is safe to turn on.

Usernames are different. I think the typical non-tech-savvy web user 
doesn't think about case or even realize that 'c' and 'C' are not the same. 
It's just another name for themselves, and in the real world, names are not 
case sensitive. The name on my birth certificate may be Chris, but when a 
letter arrives at my house addressed to CHRIS, I don't send it back.

Chris



On Sunday, 5 November 2017 15:27:09 UTC-5, Danny S wrote:
>
> On 5/11/2017 1:24 PM, Chris Hawes wrote:
>
> > I'm wondering if there is a reason 
> > mezzanine.core.auth_backends.MezzanineBackend doesn't support 
> > case-insensitive usernames for logging in? 
> > mezzanine.accounts.forms.ProfileForm enforces case-insensitive username 
> > uniqueness when registering, so it seems like it would be natural to allow 
> > them for logging in. It feels to me like a bug that it doesn't. 
> >
> > I bring this up because I've had users of my site write to me bewildered 
> > that they can't log in, and then it turns out they had capitalization in 
> > their username and just assumed that it wouldn't matter, as is the case on 
> > other sites.
> >
> > If others do not agree that it is a bug, perhaps adding a setting for this 
> > would be appropriate. In any case I would be happy to work on a PR if there 
> > is agreement on a change.
>
>
> I've certainly had the case where users have contacted me because they'd 
> put some capitalisation in their original signup email address and then 
> tried to log in using it in all lowercase -- and in the case of email 
> addresses, case is DEFINITELY not important - so I don't know why it seems 
> to be for the Mezzanine/Django login.
>
> So if usernames are also not case sensitive, we should definitely fix it 
> for both.
>
> Seeya. Danny.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
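
The pre-flight check the message above asks for (an admin confirming it is safe to turn case-insensitive login on), as an added example that is not from the thread or from Mezzanine's code. The rows and the function names are constructed for illustration, and it assumes login accepts either a username or an email address.

```python
from collections import defaultdict

# Constructed sample rows: (id, username, email). In a Django project these
# could come from User.objects.values_list("id", "username", "email").
SAMPLE_USERS = [
    (1, "Chris", "CHRIS@example.org"),
    (2, "danny", "danny@example.org"),
    (3, "mallory", "chris@example.org"),  # differs from user 1 only by case
    (4, "Erin", "erin@example.org"),
]

_FIELD_INDEX = {"username": 1, "email": 2}


def case_collisions(users, field):
    """Return {casefolded value: [user ids]} for values that differ only by case."""
    index = _FIELD_INDEX[field]
    groups = defaultdict(list)
    for row in users:
        groups[row[index].casefold()].append(row[0])
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


def safe_to_enable(users, field):
    """True when no two existing accounts collide on `field` ignoring case."""
    return not case_collisions(users, field)


def resolve_login(users, identifier):
    """Case-insensitive lookup on username or email that fails closed.

    Returns the single matching user id, or None when there is no match or
    when more than one account matches (the ambiguous case is refused rather
    than resolved to whichever row happens to come first).
    """
    wanted = identifier.casefold()
    matches = {
        row[0]
        for row in users
        if wanted in (row[1].casefold(), row[2].casefold())
    }
    return next(iter(matches)) if len(matches) == 1 else None


if __name__ == "__main__":
    for field in _FIELD_INDEX:
        print(field, "safe:", safe_to_enable(SAMPLE_USERS, field),
              "collisions:", case_collisions(SAMPLE_USERS, field))
```
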


Re: [mezzanine-users] Case insensitive username login

2017-11-05 Thread Danny

On 5/11/2017 1:24 PM, Chris Hawes wrote:


> I'm wondering if there is a reason 
> `mezzanine.core.auth_backends.MezzanineBackend` doesn't support 
> case-insensitive usernames for logging in? 
> `mezzanine.accounts.forms.ProfileForm` enforces case-insensitive 
> username uniqueness when registering, so it seems like it would be 
> natural to allow them for logging in. It feels to me like a bug that 
> it doesn't.
>
> I bring this up because I've had users of my site write to me 
> bewildered that they can't log in, and then it turns out they had 
> capitalization in their username and just assumed that it wouldn't 
> matter, as is the case on other sites.
>
> If others do not agree that it is a bug, perhaps adding a setting for 
> this would be appropriate. In any case I would be happy to work on a 
> PR if there is agreement on a change.




I've certainly had the case where users have contacted me because they'd 
put some capitalisation in their original signup email address and then 
tried to log in using it in all lowercase -- and in the case of email 
addresses, case is DEFINITELY not important - so I don't know why it 
seems to be for the Mezzanine/Django login.


So if usernames are also not case sensitive, we should definitely fix it 
for both.


Seeya. Danny.



[mezzanine-users] Case insensitive username login

2017-11-04 Thread Chris Hawes


I'm wondering if there is a reason 
mezzanine.core.auth_backends.MezzanineBackend doesn't support 
case-insensitive usernames for logging in? 
mezzanine.accounts.forms.ProfileForm enforces case-insensitive username 
uniqueness when registering, so it seems like it would be natural to allow 
them for logging in. It feels to me like a bug that it doesn't. 


I bring this up because I've had users of my site write to me bewildered 
that they can't log in, and then it turns out they had capitalization in 
their username and just assumed that it wouldn't matter, as is the case on 
other sites.


If others do not agree that it is a bug, perhaps adding a setting for this 
would be appropriate. In any case I would be happy to work on a PR if there 
is agreement on a change.
