-
Notifications
You must be signed in to change notification settings - Fork 15
handle email address like myname+tag@gmail.com (either full support, or better error handling) #12
Comments
The first place this falls down is at We could special case ignoring |
Yeah, let's punt on doing anything special with the email address in the near term timeframe. Real users are just user@example.com, and funky input can just error out. |
jrgm thought about this more ... and bigtent with gmail will break many bugzilla users. Doh! Possible fixes:
To help establish priority - Measure % of users in Mozilla databases using "plus addresses" |
Raising to 5 stars -- real users are using this in Bugzilla. We can't lock them out. Let's do a local fixup for gmail. @jrgm to investigate how Yahoo and Hotmail work with this stuff. For Yahoo, this looks like the most relevant thing: http://help.yahoo.com/tutorials/mail/mail_addressguard1.html |
About Yahoo!. I have an email address that we'll call someuser@yahoo.com. I sent and email from an @gmail.com address to that address ok, but sending to someuser+s1@yahoo.com results in an email bounce: "The error that the other server returned was: 554 554 delivery error: dd This user doesn't have a yahoo.com account (someuser+s1@yahoo.com) [0] - mta1318.mail.mud.yahoo.com (state 17)." I then tried to sign up as someuser+s1@yahoo.com and the yahoo.com web UI told me "Only letters, numbers, underscores, and one dot (.) are allowed". An attempt to use 'someuser-s1@yahoo.com' with a free account is bounced with a message similar to the bounce on '+' above. I bought Mail Plus, and created a basename (which cannot by 'someuser') and email to 'otheruser-s1@yahoo.com' is delivered ok. Note: these disposable addresses must be pre-configured, e.g., mail to otheruser-s2@yahoo.com will bounce. |
About Hotmail. Again, I have a free hotmail account, call it someuser@hotmail.com. Sending to someuser+s1@hotmail.com is delivered to someuser@hotmail.com inbox without any other configuration needed. So '+' is handled just like @gmail.com. I also tried sending to someuser-s1@hotmail.com, but that is bounced. When I tried to sign up with hotmail as someuser+s1@hotmail.com, it said "Your email address can contain only letters, numbers, periods (.), hyphens (-), and underscores (_). It can't contain special characters, accented letters, or letters outside the Latin alphabet." |
@jrgm: Can you sign into Yahoo using your otheruser-s1 address? Trying to figure out how that would interact with their OpenID auth. It sounds like we need to treat Gmail and Hotmail identically in this regard. It sounds like BigTent may break Persona for Yahoo users that use the Mail Plus disposable address feature. I don't know what we should do there. Any ideas? @ozten / @skinny97214 / @jrgm ? Using the current fallback flow for Yahoo addresses with a hyphen in them would probably be the most graceful thing we can do. Maybe change the Proxy IdP logic to dispatch based on regexes? :( |
@callahad No, I can't use otheruser-s1 to auth with yahoo (if says "hmm, unknown, are you trying to signup?). And if I start with otheruser-s1 but auth to yahoo with someuser@yahoo.com, I wind up with the dialog saying "Authentication Error: Sorry, it looks like you were trying to log in as otheruser-s1@yahoo.com, but were logged in to Yahoo as a different address."). So, the handling seems consistent (with s/+/-/ for the yahoo case). You can't use the "aliased" username to auth with {google,yahoo,hotmail}, and if you try to use the "alias" with persona and then auth with the real username, you fail on the mismatch. Maybe the right flow is to assume it's not an alias and then on a mismatch (that matches a possible alias), deal with it (user confirms again and some way to record the mapping). /me just making shit up as I go along again. |
Gah. Okay. If we roll out BigTent as is, then we lock Yahoo users out of sites that they're currently using Persona at. Even if this is a niche feature, I'm not comfortable doing that. Nice find, @jrgm. I don't know how to solve this. Since BigTent can't support all |
There are > 50 users with Yahoo addresses like this in our production database. :( |
What is the absolute % of bugzilla users affected? I don't know about 5 stars, I think this may be an acceptable known issue. |
I don't know if it would really happen... but technically this issue can be fixed in the RP as follows:
I strongly doubt bugzilla would take on this burden, but just wanted to document this additional solution space. |
Requesting absolute % from BMO team https://bugzilla.mozilla.org/show_bug.cgi?id=803243 |
Requesting absolute % from Service Ops team https://bugzilla.mozilla.org/show_bug.cgi?id=803246 |
Bugzilla:
|
Per discussion with Ben and Ozten, this is not a blocker for Yahoo's launch. Reassigning to M1: Google launch. The plan is to notify Yahoo! AddressGuard users in advance of BigTent hitting production so that they have time to make alternative arrangements for the RPs that they access and monitor that feedback. We'll also add an AddressGuard-specific error page to BigTent so that those users are informed of the issue. In parallel, we'll reach out to Yahoo and see if there's any (undocumented?) way to support AddressGuard users via OpenID. The above will be tracked in new GitHub issues. |
This also needs to be addressed for hotmail (but I don't see a way to put the same issues on two milestones). So just saying... |
For consideration, when you the user enters the email as myname+tag@gmail.com, we could strip out the +tag, auth as myname@gmail.com, but use the myname+tag address as the name in browserid.
This would mostly be something to ease testing of multiple accounts, and it may complicate things too much for this release; I can easily go create some gmail/yahoo/hotmail accounts for this testing round.
However, at minimum, we do need a bit better handling of such an email address, since right now, I get an error when using an address like that.
The text was updated successfully, but these errors were encountered: