Case-Insensitivity for casebook collaboration invitations #1363
Comments
|
Though email addresses today are almost universally case-insensitive throughout, according to the RFC the username portion of the address is case-sensitive, and Django enforces this. However, in all practical cases, email addresses are treated as case-insensitive these days and for an app of our scope, I think it's safe to follow common practice rather the original RFC. There is a complicated "correct" solution involving switching the email address field type to the Postgres-only CIText type, which does case-insensitive retrieval, but that involves enabling extensions on the Postgres side and I think is just not worth the risk and complexity. Depending on the most common actual use case we can mitigate this a few ways:
My recommendation is to do the first two items, which should do little harm, and also generate a small report on how many mixed-case email addresses we have. It may also help to give users following the reset password flow the opportunity to update their email address. |
…s before creating new accounts
…s before creating new accounts
[#1363] Check case-insensitively for existing collaborators before creating new accounts
|
We're doing a case-insensitive check at invitation time now, but @cath9 and I agree we should just go ahead and force-lower all new incoming email addresses at account creation. If someone tries to log in with mixed case that'll fail unless we also lower-cased all existing legacy addresses first. Given the number of accounts I think it's probably fine to just handle those as needed. |
There's some roughness around case sensitive usernames in collaborator invites. Smooth this out, possibly by making it easy to merge accounts.
The text was updated successfully, but these errors were encountered: