[Framework-Team] Plip 9214 (email logins) ready for review
Wichert Akkerman
wichert at wiggy.net
Sun Aug 16 07:27:27 UTC 2009
On 2009-8-16 02:14, Maurits van Rees wrote:
> Hi all,
>
> Plip 9214, support logins using e-mail address instead of user id, is
> ready for review.
>
> Ticket:
> https://dev.plone.org/plone/ticket/9214
>
> Accompanying notes:
> https://dev.plone.org/plone/browser/buildouts/plone-coredev/branches/4.0/plips/plip9214-emaillogins.txt
Can you explain why using email addresses as login is a configuration
option in site_properties instead of on a PAS plugin? All authentication
configuration is on PAS plugins, so I would expect this to be there as well.
If you use the email address as login than user.getUserName() must also
return the email address, so the changes in PasswordResetTool should not
be needed. Looking at the notes this PLIP is creating a situation where
a user logs in with something that is not the users login name, which is
a pretty big deviation from standard behaviour, and I am not sure if
that is desirable. I think 'Offer migration of current login names to
email addresses' item from the further-ideas list should be mandatory.
Looking at your further ideas: email addresses are defined to be case
sensitive in their local-part (not in the domain name), so lowercasing
will technically violate standards. In reality I don't think any MTA is
case sensitive (as witnessed by the fact that postmaster at domain works
everywhere while the RFC defines Postmaster at domain) so this might still
be a good thing to do from a user experience perspective. It does
deserve a clear warning in the documentation.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Framework-Team
mailing list