[Framework-Team] Plip 9214 (email logins) ready for review

Wichert Akkerman wichert at wiggy.net
Sun Aug 16 07:27:27 UTC 2009


On 2009-8-16 02:14, Maurits van Rees wrote:
> Hi all,
>
> Plip 9214, support logins using e-mail address instead of user id, is
> ready for review.
>
> Ticket:
> https://dev.plone.org/plone/ticket/9214
>
> Accompanying notes:
> https://dev.plone.org/plone/browser/buildouts/plone-coredev/branches/4.0/plips/plip9214-emaillogins.txt

Can you explain why using email addresses as login is a configuration 
option in site_properties instead of on a PAS plugin? All authentication 
configuration is on PAS plugins, so I would expect this to be there as well.

If you use the email address as login than user.getUserName() must also 
return the email address, so the changes in PasswordResetTool should not 
be needed. Looking at the notes this PLIP is creating a situation where 
a user logs in with something that is not the users login name, which is 
a pretty big deviation from standard behaviour, and I am not sure if 
that is desirable. I think 'Offer migration of current login names to 
email addresses' item from the further-ideas list should be mandatory.

Looking at your further ideas: email addresses are defined to be case 
sensitive in their local-part (not in the domain name), so lowercasing 
will technically violate standards. In reality I don't think any MTA is 
case sensitive (as witnessed by the fact that postmaster at domain works 
everywhere while the RFC defines Postmaster at domain) so this might still 
be a good thing to do from a user experience perspective. It does 
deserve a clear warning in the documentation.


Wichert.


-- 
Wichert Akkerman <wichert at wiggy.net>   It is simple to make things.
http://www.wiggy.net/                  It is hard to make things simple.




More information about the Framework-Team mailing list