#111 ✓resolved
James

Email address is case sensitive for authentication purposes

Reported by James | October 31st, 2008 @ 09:58 AM | in 1.2

Summary

Email addresses are matched in a case-sensitive manner for users in Kete. A result of this is that occasionally users cannot log in or cannot retrieve/reset their password because the email address they enter is not a case-sensitive match to the one they entered during signup.

Solution

Update methods where email addresses are matched for authentication purposes to not be case sensitive.

Comments and changes to this ticket

  • James

    James January 13th, 2009 @ 03:32 PM

    • Milestone set to 1.2
    • State changed from “new” to “open”

    Looking at this, I see another potential problem.

    Since Kete allows multiple users with the same email address, the "Forgot password" system will not work for these users as it does not take this into account.

    Should this also be addressed now?

    James

  • Walter McGinnis

    Walter McGinnis January 13th, 2009 @ 03:36 PM

    Ah, good catch. Yes, do you have a proposed solution?

  • James

    James January 13th, 2009 @ 03:38 PM

    Can we assume the user knows their username?

    We would ask for username and email address. Would be more secure but
    would lock more people out who forget these kinds of details.

    James

  • Walter McGinnis

    Walter McGinnis January 13th, 2009 @ 03:48 PM

    Ok, since the vast majority of people will not have this issue (multiple accounts associated with a single email), here's what I propose:

    • if, after entering the email address in the forgot password form, the action finds that there is more than one user associated with it, return another form asking for the login of the one they are after

    I think that way we don't fundamentally change the functionality for most users, but handle the edge case.

    Cheers, Walter

  • James

    James January 13th, 2009 @ 03:54 PM

    Sounds good to me.

    I think we should move forward with this solution.

    James


  • Kieran P

    Kieran P February 10th, 2009 @ 01:11 PM

    • Assigned user changed from “James” to “Kieran P”
  • Kieran P

    Kieran P February 11th, 2009 @ 11:22 AM

    • State changed from “open” to “to-review”

    Looks like emails are case insensitive already (password reset with upper case email works when the email in the database is lowercase).

    I've added in the form for login selection when an email has multiple logins.

    http://github.com/kete/kete/comm...

  • Kieran P

    Kieran P February 12th, 2009 @ 01:19 PM

    • State changed from “to-review” to “resolved”

    This work has been completed and merged to master. Resolving ticket.
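
Added example, not part of the ticket and not Kete's code: a plain-Ruby sketch of the flow discussed above, with case-insensitive email matching and a second step that asks for the login only when an address is shared. `User`, `USERS`, `normalize_email` and `reset_request` are hypothetical names, the accounts are constructed sample data, and exact login matching is an assumption.

```ruby
# Added illustration; not Kete's code. All names here are hypothetical.
User = Struct.new(:login, :email)

# Constructed sample data: two accounts share one address, stored in mixed case.
USERS = [
  User.new("aroha",  "Aroha@Example.org"),
  User.new("aroha2", "aroha@example.org"),
  User.new("tane",   "tane@example.org")
].freeze

# Compare addresses in one canonical form so "A@x.org" and "a@x.org" match.
def normalize_email(email)
  email.to_s.strip.downcase
end

# Returns [outcome, user]:
#   :send_reset     exactly one account identified, user is set
#   :ask_for_login  address is shared and no login was supplied yet
#   :not_found      nothing matches the address (or the address/login pair)
def reset_request(users, email, login = nil)
  wanted = normalize_email(email)
  return [:not_found, nil] if wanted.empty?

  matches = users.select { |u| normalize_email(u.email) == wanted }
  return [:not_found, nil] if matches.empty?
  return [:send_reset, matches.first] if matches.size == 1

  # Shared address: the second form asks the user to type the login.
  # Assumption: logins are never listed back, and login matching is exact.
  return [:ask_for_login, nil] if login.to_s.strip.empty?

  user = matches.find { |u| u.login == login.strip }
  user ? [:send_reset, user] : [:not_found, nil]
end

if __FILE__ == $PROGRAM_NAME
  p reset_request(USERS, "TANE@example.ORG")             # single account
  p reset_request(USERS, "aroha@EXAMPLE.org")            # shared address
  p reset_request(USERS, "aroha@EXAMPLE.org", "aroha2")  # disambiguated
end
```

Showing the same on-screen message for `:not_found` and `:send_reset` keeps the form from revealing which addresses or logins exist.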


Kete was developed by Horowhenua Library Trust and Katipo Communications Ltd. to build a digital library of Horowhenua material.
