Opened 12 years ago

Closed 11 years ago

#599 closed enhancement (fixed)

Allow login by username OR email

Reported by: spaetz Owned by: Jessica Tallon
Priority: trivial Milestone:
Component: programming Keywords:
Cc: Parent Tickets:

Description

There is no reason we cannot offer the login form offering to either enter ones user name OR email address (which can be helpful if I don't remember the username I've been using).

This is very low-priority, of course.

Attachments (1)

issue_599.patch (2.0 KB ) - added by Jessica Tallon 11 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 by Jessica Tallon, 11 years ago

There could be two ways of doing this:

  1. After the check of username, if it returns None (i.e. it couldn't find a user with that username) we go on to check this username against emails i.e.
    user = User.query.filter_by(username=login_form.data['username']).first()
    
    if not user:
        user = User.query.filter_by(email=login_form.data['username']).first()
    
    # code to handle logins here.
    
  1. We could detect if it's an email because usernames can't have "@" signs e.g.
    username = login_form.data['username']
    if "@" in username:
        user = User.query.filter_by(email=login_form.data['username']).first()
    else:
        user = User.query.filter_by(username=login_form.data['username']).first()
    
    # code to handle login
    

I'm not sure which is best, currently I have implemented number one (though it would only take a section to implement 2) I have tested it and it works. There is one extra change in the login form which is to allow emails (just changing a boolean parameter passed in).

comment:2 by Jessica Tallon, 11 years ago

Owner: changed from spaetz to Jessica Tallon
Status: newassigned

comment:3 by Jessica Tallon, 11 years ago

The working code is on:
https://gitorious.org/~tsyesika/mediagoblin/tsyesikas-mediagoblin/commits/599-allow-email-login

I have done the following real world tests:

  • Enter invalid username => failed login
  • Enter invalid email => failed login
  • Enter valid username and password => successful login
  • Enter valid email and password => successful login

by Jessica Tallon, 11 years ago

Attachment: issue_599.patch added

comment:4 by Christopher Allan Webber, 11 years ago

Resolution: fixed
Status: assignedclosed

I merged this. However: I have some slight concern in that we have no uniqueness database constraint on emails. Additionally, there's no way to change your email presently, but if we allowed it later we'd have to be very careful to not allow duplicate email addresses or that could introduce a security bug where you change an email address to someone else's and login by that. I don't know if that matters, and I might be over-worrying; I probably am.

Note: See TracTickets for help on using tickets.