New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email in login data should be case insensitive. #8548
Comments
Hi @sebastianpiskorski what is the actual problem or bug that this can cause? |
E.g. a user who copy-pasted the e-mail address may later on try to login using lowercase e-mail address. And for sure this one will be hard to troubleshoot. |
@mattab
Got:
Expected:
So i think that email input should be normalized to lower case. |
Thanks for the report, we will investigate a fix |
I think I'm missing something: users log into Piwik using their username, not emails. Where is the problem happening? |
But they can enter e-mail as login. This is something to discuss further because forcing lowercase will also force lowercase logins. Maybe we should allow to use capital letters, but force lowercase only while checking if such username exists? FYI: e-mail is the default username when using Piwik Cloud. |
TIL 😄 So case insensitive for login and email would make sense then? I don't see a reason not to. |
I'm sorry I'm maybe being dense here but I can't login into my Piwik Cloud account or my local dev Piwik using my email (checked several time that it's the correct email). Login in with the username of course works. In the code, Where/how can we login with emails? |
They can enter e-mail as login while signing up. I mean that login and e-mail are the same. Sorry for confusion. |
not logging in by way of the actual email field of the user table, but the login field of the user table might contain an email address as its value. |
😖 Sorry, I didn't think of that because when I signed up to the cloud I ended up with the generic username of Then definitely will be case insensitive for all logins (emails and regular logins) since there's no difference between them. |
Sure, we've changed this on Cloud recently. Cheers! |
In my opinion users shouldn't be able to have two account which differ only by letter cases. Like "accont_login" and "AccOunt_loGin" shouldn't be two different logins. |
PR: #8610 |
I just tried to reproduce this issue:
What is the actual bug- @mnapoli @sebastianpiskorski could you reproduce this or am I doing something wrong |
Ok got tip from @diosmosis " the bug is that the user created an account like: tesT@user.com by mistake and wants to login w/ test@user.com" so I get it now :) |
Or if the user correctly signed up (without "typo") as matt or test@user.com and wants to login as Matt or Test@user.com :) |
@mattab please see #8548 (comment) and #8548 (comment) This comment: #8548 (comment) Thanks! |
Fixes #8548, only allow case-insensitive login (while maintaining BC for 2.15 LTS)
In the internet in most cases email address is case insensitive, but unfortunately it is sensitive in Piwik. It should be always normalized at the input so user can use it in the way as they are used to.
The text was updated successfully, but these errors were encountered: