@sebastianpiskorski opened this Issue on August 11th 2015 Contributor

In the internet in most cases email address is case insensitive, but unfortunately it is sensitive in Piwik. It should be always normalized at the input so user can use it in the way as they are used to.

@mattab commented on August 11th 2015 Owner

Hi @sebastianpiskorski what is the actual problem or bug that this can cause?

@quba commented on August 11th 2015 Contributor

E.g. a user who copy-pasted the e-mail address may later on try to login using lowercase e-mail address. And for sure this one will be hard to troubleshoot.

@sebastianpiskorski commented on August 11th 2015 Contributor

@mattab
Given:

  • User have registered with email: ExamplE@eXample.Com
  • User have tried to login with email example@example.com

Got:

  • Login error.

Expected:

  • Piwik successful login.

So i think that email input should be normalized to lower case.

@mattab commented on August 13th 2015 Owner

Thanks for the report, we will investigate a fix

@mnapoli commented on August 17th 2015 Member

I think I'm missing something: users log into Piwik using their username, not emails. Where is the problem happening?

@quba commented on August 17th 2015 Contributor

But they can enter e-mail as login. This is something to discuss further because forcing lowercase will also force lowercase logins. Maybe we should allow to use capital letters, but force lowercase only while checking if such username exists?

FYI: e-mail is the default username when using Piwik Cloud.

@mnapoli commented on August 17th 2015 Member

But they can enter e-mail as login

TIL :smile:

So case insensitive for login and email would make sense then? I don't see a reason not to.

@mnapoli commented on August 17th 2015 Member

I'm sorry I'm maybe being dense here but I can't login into my Piwik Cloud account or my local dev Piwik using my email (checked several time that it's the correct email). Login in with the username of course works.

In the code, Auth calls $model->getUser($this->login) which search in database only over the login, not the email.

Where/how can we login with emails?

@quba commented on August 17th 2015 Contributor

They can enter e-mail as login while signing up. I mean that login and e-mail are the same. Sorry for confusion.

@halabuda commented on August 17th 2015

not logging in by way of the actual email field of the user table, but the login field of the user table might contain an email address as its value.

@mnapoli commented on August 17th 2015 Member

They can enter e-mail as login while signing up. I mean that login and e-mail are the same. Sorry for confusion.

:confounded: Sorry, I didn't think of that because when I signed up to the cloud I ended up with the generic username of piwikadmin, so it didn't think more about that use case ;)

Then definitely will be case insensitive for all logins (emails and regular logins) since there's no difference between them.

@quba commented on August 17th 2015 Contributor

Sure, we've changed this on Cloud recently. Cheers!

@sebastianpiskorski commented on August 20th 2015 Contributor

In my opinion users shouldn't be able to have two account which differ only by letter cases. Like "accont_login" and "AccOunt_loGin" shouldn't be two different logins.

@mnapoli commented on August 20th 2015 Member

PR: #8610

@mattab commented on August 21st 2015 Owner

I just tried to reproduce this issue:

  • created a user with login = test<a class='mention' href='https://github.com/test'>@test</a>.com
  • then tried creating a user with login = TEST<a class='mention' href='https://github.com/test'>@test</a>.com
  • Got: Login 'test<a class='mention' href='https://github.com/test'>@test</a>.com' already exists.

What is the actual bug- @mnapoli @sebastianpiskorski could you reproduce this or am I doing something wrong

@mattab commented on August 21st 2015 Owner

Ok got tip from @diosmosis " the bug is that the user created an account like: tesT@user.com by mistake and wants to login w/ test@user.com" so I get it now :)

@mnapoli commented on August 21st 2015 Member

Or if the user correctly signed up (without "typo") as matt or test@user.com and wants to login as Matt or Test@user.com :)

@quba commented on August 21st 2015 Contributor
This Issue was closed on August 21st 2015
Powered by GitHub Issue Mirror