[PLIP-Advisories] Re: [Plone] #9214: support logins using e-mail address instead of user id

plip-advisories at lists.plone.org plip-advisories at lists.plone.org
Tue Jun 30 17:59:35 UTC 2009


#9214: support logins using e-mail address instead of user id
-----------------------+----------------------------------------------------
 Reporter:  davisagli  |        Owner:  maurits
     Type:  PLIP       |       Status:  new    
 Priority:  minor      |    Milestone:  4.0    
Component:  Unknown    |   Resolution:         
 Keywords:             |  
-----------------------+----------------------------------------------------

Comment(by erikrose):

 Having spent a lot of time in the PAS and membership code, I'm concerned
 at adding more branches in there; there are a lot of cleanups that should
 happen first.

  * As alecm says, we need need NEED to stop using loginname to reference
 users internally; userid is the correct immutable key. I routinely change
 loginnames when clients move from Plone's built-in auth to our Kerberos
 auth.
  * The OpenID plugin has to do some truly awful hacks (the same ones I do
 in WebServerAuth) to be able to authenticate a non-enumeratable user; that
 needs to get fixed in PAS.
  * The setting of the last-login time and, IIRC, the firing of some
 important events are essentially hard-coded into the login_form. These
 should be moved elsewhere so non-form-based login can be a first-class
 citizen.

 I wonder if email-based login could be better implemented as an add-on
 once we improve the hook situation in PAS and the rest of the auth code.

 FWT vote: -1 for now. I think the idea is good, given that so many people
 seem to request this, but I want to be sure we implement it in a
 maintainable way rather than just glomming more branches onto an already
 hard-to-follow subsystem.

-- 
Ticket URL: <https://dev.plone.org/plone/ticket/9214#comment:24>
Plone <http://plone.org>
Plone Content Management System


More information about the PLIP-Advisories mailing list