[OpenStreetMap] #4143: Case sensitivity regarding email in sign-up and password recovery

OpenStreetMap trac at openstreetmap.org
Mon Dec 12 10:41:35 GMT 2011


#4143: Case sensitivity regarding email in sign-up and password recovery
-------------------------+--------------------------------------------------
 Reporter:  rasher       |       Owner:  rails-dev@…                
     Type:  enhancement  |      Status:  new                        
 Priority:  minor        |   Milestone:                             
Component:  website      |     Version:                             
 Keywords:               |  
-------------------------+--------------------------------------------------
 I recently talked to a mapper who was having trouble recovering his
 password so he could accept ODbL. It turned out when he signed up, he had
 used a different case than usual when entering his email address, and the
 password recovery process is case sensitive.

 I've found that signup is also case-sensitive. I managed to signup for two
 accounts on the api06.dev using RASHER at gmail and rasher at gmail.

 Now, email is by standard case-sensitive on the local name part, so you
 could say we're following the standard, and be done with it. However, this
 is rarely - if ever - the case on mail servers in "the real world", and I
 suspect most users don't expect it, so I think there's still room to
 question whether this is a good idea.

 A few possible things to do:

  * Make sign-up case-insensitive. This could probably be done without
 other harm than offending the standards, I suspect.
  * Make password-recovery case-insensitive. This becomes problematic if
 there are already accounts in the db using the same email with different
 case for the local name part.
  * Make password-recovery as case-insensitive as possible. Look up
 accounts matching the entered email address case-insensitively. If there's
 a single match, we act case-insensitively. If there are more than one
 match, require a case sensitive match as well. This gets around the
 problem of existing "double" accounts, at the cost of somewhat unexpected
 behaviour for those users.

-- 
Ticket URL: <https://trac.openstreetmap.org/ticket/4143>
OpenStreetMap <http://www.openstreetmap.org/>
OpenStreetMap is a free editable map of the whole world



More information about the rails-dev mailing list