passwordreset form requires email address case match

[tkimnguyen]

If you create a new user and specify an email address that has capital letters (e.g. Nguyen@plone.org), the new user receives an email with a link to the passwordreset form. The passwordreset form should ignore case (RFC822) but does not. Instead if the case of the email address you enter on the form does not match case exactly (e.g. nguyen@plone.org, you get this unhelpful error:

Error setting password
Sorry, this appears to be an invalid request. Please make sure you copied the URL exactly as it appears in your email and that you entered your email address correctly.

Also begs the question: if the URL the user clicks on contains their email address, why are we asking them to re-enter their email address? e.g. https://mysite/passwordreset/aaa8234bbb1324eee?userid=Nguyen@plone.org

[vangheem]

This happens when you use email as username setting.

[mauritsvanrees]

Which Plone version is this? On Plone 5 I expect this to work, because we ignore the case.
On Plone 4, you can add collective.emaillogin4 to the eggs for some fixes.
See https://pypi.python.org/pypi/collective.emaillogin4
and #1387

[tkimnguyen]

This was for Plone 4.3.3. Thanks @mauritsvanrees. Is it worth making the fix in the 4.3 line?

[mauritsvanrees]

No, I think not, the fixes are too invasive.

[tkimnguyen]

OK I'll split out this into a separate issue if you think it's worth pursuing:

if the URL the user clicks on contains their email address, why are we asking them to re-enter their email address? e.g. https://mysite/passwordreset/aaa8234bbb1324eee?userid=Nguyen@plone.org