-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
email uniqueness is done with case-sensitivity on some databases #11
Comments
A functional index on |
Maybe we could do get by with just Is there a problem just calling |
https://github.com/fusionbox/django-authtools/blob/master/authtools/models.py#L14 Is there anything we can do? |
This is a bit of a trouble spot for users entering emails in interesting ways. 👍 for any fix.. |
#31 won't work for anyone on Postgres. It simply does a .lower() on the incoming login, but not the database User.get operation. So if there's a capitalised email in the database it's impossible to login. |
Here's a better way: class AccountManager(models.Manager):
def get_by_natural_key(self, username):
field_name = f'{self.model.USERNAME_FIELD}__iexact'
return self.get(**{field_name: username}) Set this on your custom user model. |
Isn't that handled by CaseInsensitiveEmailBackendMixin? |
Django-improved-user argues that it's better to store the e-mail addresses in a case sensitive field and use case-insensitive queries to filter for a match: https://django-improved-user.readthedocs.io/en/latest/email_warning.html @aidanlister's example seems to cover that, but he might also need to have an index on Although the first part of the e-mail is supposed to be case sensitive (according to RFC 5321), I don't know of any e-mail providers that actually do that. So maybe it doesn't matter? |
Postgres performs string comparison case-sensitively, mysql does it case-insensitive. This means that on postgres,
[email protected]
,[email protected]
and[email protected]
are all distinct emails, and a user could register with each one.Domain names are not case sensitive, so at least the domain part should lowercased. The local part of an email address is technically case sensitive, but I don't think it is in practice.
The easiest way to accomplish this would be to lowercase email addresses before storing them, but it might be wrong to mangle addresses like that.
The text was updated successfully, but these errors were encountered: