Join GitHub today
Login inconsistency with uppercase email #469
I'm a developer on a MOOC (Massive Open Online Course): http://aemprende.unimooc.com/. This MOOC is giving badges to the users which pass our assessments, but they have reported us an issue. Let's see an example:
I have an account on Mozilla Persona, BookuLibros@gmail.com (note the uppercase 'B' and 'L'), and I am registered on the MOOC as firstname.lastname@example.org (everything on lowercase). If the MOOC tries to award user with a badge it fails because the Persona's account was created with some uppercase letters and the badge is submitted to an account with everything on lowercase.
I've seen this issue also when you register an account on Persona with uppercase letters and try to login from beta.openbadges.org. The login windows freezes.
I think that an easy solution would be to manage the OpenBadges users with everything on lowercase.
This one's a little weird, as technically whether or not the local part of an email address is case sensitive or not is up to the email server. So while we may never encounter it in the wild, it would be valid for
On the other end of the spectrum, Gmail actually permits you to add extra stuff that it will just strip out, so
While I think the latter is more common and most email addresses are case-insensitive, comparing them in a case-sensitive way is technically correct.
Going to re-open this as it's come up again for community members. The suggestion from the Persona thread seems reasonable,
For a concrete example, say: A user verifies Foo@example.com with browserid.org. We store Foo@example.com in a case-preserving manner and assert Foo@example.com to RPs. The user logs out of browserid.org. The user attempts to log in to browserid.org as email@example.com. We do a case-insensitive lookup, find the Foo@example.com account, authenticate the user against that, and assert Foo@example.com to RPs. Thus, the user always asserts the same casing, but can log in to browserid.org without worrying about case.
We should recreate this behavior in the backpack. It would eliminate casing issues.
Any idea when this will be fixed? Code School is one example of a site that takes whatever email address you enter and makes it all lowercase (j.j.smith@), resulting in the badges contained there not being ported back to the Mozilla Backpack which used caps (J.J.Smith@). It's a real pain.
Have tried getting Code School to resolve without any luck but can see it happening again since several sites do these silly things to your data to make it look the way they want it to...