New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Login inconsistency with uppercase email #469

Closed
adriangonz opened this Issue Dec 19, 2012 · 8 comments

Comments

Projects
None yet
6 participants
@adriangonz

adriangonz commented Dec 19, 2012

Hi.

I'm a developer on a MOOC (Massive Open Online Course): http://aemprende.unimooc.com/. This MOOC is giving badges to the users which pass our assessments, but they have reported us an issue. Let's see an example:

I have an account on Mozilla Persona, BookuLibros@gmail.com (note the uppercase 'B' and 'L'), and I am registered on the MOOC as bookulibros@gmail.com (everything on lowercase). If the MOOC tries to award user with a badge it fails because the Persona's account was created with some uppercase letters and the badge is submitted to an account with everything on lowercase.

I've seen this issue also when you register an account on Persona with uppercase letters and try to login from beta.openbadges.org. The login windows freezes.

I think that an easy solution would be to manage the OpenBadges users with everything on lowercase.

For any contact, you can email me at kaseyo23@gmail.com or unimooc-tec@dlsi.ua.es.

@threeqube

This comment has been minimized.

Show comment
Hide comment
@threeqube

threeqube Dec 19, 2012

Contributor

Hi @kaseyo23 this seems like a Persona issue but looping in @stenington and @brianloveswords to verify.

Contributor

threeqube commented Dec 19, 2012

Hi @kaseyo23 this seems like a Persona issue but looping in @stenington and @brianloveswords to verify.

@stenington

This comment has been minimized.

Show comment
Hide comment
@stenington

stenington Feb 13, 2013

Contributor

This one's a little weird, as technically whether or not the local part of an email address is case sensitive or not is up to the email server. So while we may never encounter it in the wild, it would be valid for mike@somewhere.com and Mike@somewhere.com to actually be two separate email address for two separate people, if that's how somewhere.com wants to do things.

On the other end of the spectrum, Gmail actually permits you to add extra stuff that it will just strip out, so mikel@gmail.com, mike.l@gmail.com, and mike.l+whatever@gmail.com will all get delivered to the same inbox.

While I think the latter is more common and most email addresses are case-insensitive, comparing them in a case-sensitive way is technically correct.

Contributor

stenington commented Feb 13, 2013

This one's a little weird, as technically whether or not the local part of an email address is case sensitive or not is up to the email server. So while we may never encounter it in the wild, it would be valid for mike@somewhere.com and Mike@somewhere.com to actually be two separate email address for two separate people, if that's how somewhere.com wants to do things.

On the other end of the spectrum, Gmail actually permits you to add extra stuff that it will just strip out, so mikel@gmail.com, mike.l@gmail.com, and mike.l+whatever@gmail.com will all get delivered to the same inbox.

While I think the latter is more common and most email addresses are case-insensitive, comparing them in a case-sensitive way is technically correct.

@stenington

This comment has been minimized.

Show comment
Hide comment
@stenington

stenington Feb 13, 2013

Contributor

Note also the discussion on the Persona side.

Contributor

stenington commented Feb 13, 2013

Note also the discussion on the Persona side.

@threeqube

This comment has been minimized.

Show comment
Hide comment
@threeqube

threeqube Apr 4, 2013

Contributor

Closing. Discussion should happen on Persona.

Contributor

threeqube commented Apr 4, 2013

Closing. Discussion should happen on Persona.

@threeqube threeqube closed this Apr 4, 2013

@stenington stenington referenced this issue Apr 17, 2013

Closed

ALLCAPS@email.com breaks account creation #840

0 of 4 tasks complete
@cmcavoy

This comment has been minimized.

Show comment
Hide comment
@cmcavoy

cmcavoy Feb 7, 2014

Contributor

Going to re-open this as it's come up again for community members. The suggestion from the Persona thread seems reasonable,

For a concrete example, say:
    A user verifies Foo@example.com with browserid.org.
    We store Foo@example.com in a case-preserving manner and assert Foo@example.com to RPs.
    The user logs out of browserid.org.
    The user attempts to log in to browserid.org as foo@example.com.
    We do a case-insensitive lookup, find the Foo@example.com account, authenticate the user against that, and assert Foo@example.com to RPs.
Thus, the user always asserts the same casing, but can log in to browserid.org without worrying about case.

We should recreate this behavior in the backpack. It would eliminate casing issues.

Contributor

cmcavoy commented Feb 7, 2014

Going to re-open this as it's come up again for community members. The suggestion from the Persona thread seems reasonable,

For a concrete example, say:
    A user verifies Foo@example.com with browserid.org.
    We store Foo@example.com in a case-preserving manner and assert Foo@example.com to RPs.
    The user logs out of browserid.org.
    The user attempts to log in to browserid.org as foo@example.com.
    We do a case-insensitive lookup, find the Foo@example.com account, authenticate the user against that, and assert Foo@example.com to RPs.
Thus, the user always asserts the same casing, but can log in to browserid.org without worrying about case.

We should recreate this behavior in the backpack. It would eliminate casing issues.

@JohnSmith-LT

This comment has been minimized.

Show comment
Hide comment
@JohnSmith-LT

JohnSmith-LT Jun 12, 2014

Hi,

Any idea when this will be fixed? Code School is one example of a site that takes whatever email address you enter and makes it all lowercase (j.j.smith@), resulting in the badges contained there not being ported back to the Mozilla Backpack which used caps (J.J.Smith@). It's a real pain.

Have tried getting Code School to resolve without any luck but can see it happening again since several sites do these silly things to your data to make it look the way they want it to...

JohnSmith-LT commented Jun 12, 2014

Hi,

Any idea when this will be fixed? Code School is one example of a site that takes whatever email address you enter and makes it all lowercase (j.j.smith@), resulting in the badges contained there not being ported back to the Mozilla Backpack which used caps (J.J.Smith@). It's a real pain.

Have tried getting Code School to resolve without any luck but can see it happening again since several sites do these silly things to your data to make it look the way they want it to...

@threeqube

This comment has been minimized.

Show comment
Hide comment
@threeqube

threeqube Sep 29, 2014

Contributor

This continues to be an issue.

Contributor

threeqube commented Sep 29, 2014

This continues to be an issue.

@mattdigitalme

This comment has been minimized.

Show comment
Hide comment
@mattdigitalme

mattdigitalme Jul 5, 2017

Contributor

Linked: #1130

Contributor

mattdigitalme commented Jul 5, 2017

Linked: #1130

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment