Opened 12 years ago
Closed 11 years ago
#599 closed enhancement (fixed)
Allow login by username OR email
Reported by: | spaetz | Owned by: | Jessica Tallon |
---|---|---|---|
Priority: | trivial | Milestone: | |
Component: | programming | Keywords: | |
Cc: | Parent Tickets: |
Description
There is no reason we cannot offer the login form offering to either enter ones user name OR email address (which can be helpful if I don't remember the username I've been using).
This is very low-priority, of course.
Attachments (1)
Change History (5)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 11 years ago
The working code is on:
https://gitorious.org/~tsyesika/mediagoblin/tsyesikas-mediagoblin/commits/599-allow-email-login
I have done the following real world tests:
- Enter invalid username => failed login
- Enter invalid email => failed login
- Enter valid username and password => successful login
- Enter valid email and password => successful login
by , 11 years ago
Attachment: | issue_599.patch added |
---|
comment:4 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
I merged this. However: I have some slight concern in that we have no uniqueness database constraint on emails. Additionally, there's no way to change your email presently, but if we allowed it later we'd have to be very careful to not allow duplicate email addresses or that could introduce a security bug where you change an email address to someone else's and login by that. I don't know if that matters, and I might be over-worrying; I probably am.
There could be two ways of doing this:
I'm not sure which is best, currently I have implemented number one (though it would only take a section to implement 2) I have tested it and it works. There is one extra change in the login form which is to allow emails (just changing a boolean parameter passed in).