[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Thank you, Anthony, The reset_email_lower() worked for me. I just needed to use table_user() instead of table_user. By reading this thread, I am now able to store emails as lower case, but allow upper/mixed case logins and password resets. Just what I was looking for! Thank you, everyone. Mark --
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I added this code (reset_email_lower) to registration too. But I checked the database and see the following: 1) I create a new user account with email all lower case. 2) the app logs in as default. 3) Log out. 4) I try to create a new user account with same email but first letter a capital. I see in the database that a new account is created and the email is stored a lower cap but now I have two id's with the same email in auth_user table 5) after creating the new account the app logs automatically and in auth_event I see User # Registered and in user_id column the user_id of the other account which already was created with lower caps. Bottom line - when registering - how to convert the email to lower cap so web2py to be able to check if the same email is already registered, and if so to prevent creating of a new account and notify the user that the account already exist.
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I checked the code in tools.py, the name of the function (list) to be executed for 'onvalidation' for request_reset_password is: reset_password_onvalidation (the neame is not right it should correspond to the name of the operation - request_reset_password - it should be renamed like: request_reset_password_onvalidation) Anyway - this is according to the login and registration way of working, but in the case of request_reset_password it does not works. auth.settings.reset_password_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.request_reset_password() Regarding IS_LOWER - the name says 'IS' which means 'check if' probably the name is not right because I expect something like TO_LOWER. Of the reasons on other post not using it is because of the name. Regarding tolower - if you have a Gmail account and you created your email with lower case, later you can login with mixed case. There is not a point to store the email in mixed case when it is used as a login (no username, no first, last name, just email/password), because from usability point of view it is a disaster. I tested with several users and almost in all cases the experience was like this. My app is online app which is accessible from mobile devices as well as from desktop. Same app, no change in layout specifically for mobile or desktop. Very simple. Now one user creates an account myemail @ gmail.com in his iPad - just email/password - user experience is great, it is quick, reliable, the user is in the system. Now same user opens up his Android phone and opens the web site address of my app, sees the login screen and because he just created an account, tries to login. Clicks on Sign In, email/password screen comes in and he sees his email whicj is (myemail @ gmail.com) like this: MyEmail (the @ gmail.com) is hidden from Andorid browser for security reasons. So he assumes it is OK because yes, this is his email an he just adds the @ gmail part. Then he tries to login. The app should pass him through because obviously that is his email address no matter the casing. So my app has to convert the email to lower case anyway. Before to convert to lower case MyEmail @ gmail.com was not recognized and he was frustrated because he just created his account and wonders why he cannot login. Because he badly wants to use my app, he thinks something was wrong with the initial account creation, so he clocks on Sign Up and creates an account with MyEmail @ gmail.com. I go to the Database View (GAE) and see he has now two accounts: MyEmail @ gmail.com and myEmail @ gmail.com. And no - this cannot be that way. The user does not cares about SMTP protocols, etc. He will abandon using my app on the spot, thinking it is insecure. I believe this is frustration experienced from many web2py users using the simplest email/password login system possible. Probably it is a good idea if Massimo looks at what I have just described and make the functionality needed login_email_lower is OK but it should work with request_reset_password. Thank you, Regards, --Constantine
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Thank you, it would be much easier - all lower case - all major email providers like Google, etc. prefer a better user experience than strict protocol. I believe Massimo will agree. Massimo? Now the last important issue: auth.settings.reset_password_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.request_reset_password() If this is not working - it would be a disaster - users not able to change their password. They will call us and we have to tell them - use all lowercase. They will say - but that is really them same mine email?!? What the BS. How to make this work?
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I submitted an issue. On Friday, December 9, 2011 11:23:04 AM UTC-5, Anthony wrote: I agree -- I think the auth system should convert all emails to lowercase at all points. In particular, two accounts should not be allowed to have the same email address, just with different cases. I see your confusion about the naming of IS_LOWER (there are a few other validators like that too). Note, however, that it is a Validator object, and like all validators, it does return a tuple of the form (value, error message), though the error message is always None. In that sense, it is in fact checking (or perhaps more precisely, confirming) that the value it returns is all lowercase (of course, that's because it converts the value to lowercase). Anthony On Friday, December 9, 2011 10:55:23 AM UTC-5, Constantine Vasil wrote: I checked the code in tools.py, the name of the function (list) to be executed for 'onvalidation' for request_reset_password is: reset_password_onvalidation (the neame is not right it should correspond to the name of the operation - request_reset_password - it should be renamed like: request_reset_password_onvalidation) Anyway - this is according to the login and registration way of working, but in the case of request_reset_password it does not works. auth.settings.reset_password_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.request_reset_password() Regarding IS_LOWER - the name says 'IS' which means 'check if' probably the name is not right because I expect something like TO_LOWER. Of the reasons on other post not using it is because of the name. Regarding tolower - if you have a Gmail account and you created your email with lower case, later you can login with mixed case. There is not a point to store the email in mixed case when it is used as a login (no username, no first, last name, just email/password), because from usability point of view it is a disaster. I tested with several users and almost in all cases the experience was like this. My app is online app which is accessible from mobile devices as well as from desktop. Same app, no change in layout specifically for mobile or desktop. Very simple. Now one user creates an account myemail @ gmail.com in his iPad - just email/password - user experience is great, it is quick, reliable, the user is in the system. Now same user opens up his Android phone and opens the web site address of my app, sees the login screen and because he just created an account, tries to login. Clicks on Sign In, email/password screen comes in and he sees his email whicj is (myemail @ gmail.com) like this: MyEmail (the @ gmail.com) is hidden from Andorid browser for security reasons. So he assumes it is OK because yes, this is his email an he just adds the @ gmail part. Then he tries to login. The app should pass him through because obviously that is his email address no matter the casing. So my app has to convert the email to lower case anyway. Before to convert to lower case MyEmail @ gmail.com was not recognized and he was frustrated because he just created his account and wonders why he cannot login. Because he badly wants to use my app, he thinks something was wrong with the initial account creation, so he clocks on Sign Up and creates an account with MyEmail @ gmail.com. I go to the Database View (GAE) and see he has now two accounts: MyEmail @ gmail.com and myEmail @ gmail.com. And no - this cannot be that way. The user does not cares about SMTP protocols, etc. He will abandon using my app on the spot, thinking it is insecure. I believe this is frustration experienced from many web2py users using the simplest email/password login system possible. Probably it is a good idea if Massimo looks at what I have just described and make the functionality needed login_email_lower is OK but it should work with request_reset_password. Thank you, Regards, --Constantine
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Thank you! Now - I am very close to a launch live phase - are there a workaround like with login_email_lower? I don't know how long it will take to patch but with a workaround I am in control. Your help is very much appreciated.
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Now - I am very close to a launch live phase - are there a workaround like with login_email_lower? I'm not sure -- I would expect the request_reset_password onvalidation to work. I suppose you could intercept the request.vars in your controller and do the conversion before Auth gets it. Another option might be client-side conversion to lowercase via Javascript (either as the user types or upon form submission).
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I suppose you could intercept the request.vars in your controller and do the conversion before Auth gets it. This is OK - could you please tell me with a code how you would do it? I want to be sure it works and going with the debugger is time consuming if it does not. -- what you will add here? current.app.auth = auth form=current.app.auth.request_reset_password()
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I guess anywhere an Auth form is processed, prior to calling the Auth method, do something like: if request.vars.email: request.vars.email = request.vars.email.lower() So when a user submits an Auth form with an email address, it is converted to lowercase before being passed to the Auth method or being saved in the db. Anthony On Friday, December 9, 2011 1:28:11 PM UTC-5, Constantine Vasil wrote: I suppose you could intercept the request.vars in your controller and do the conversion before Auth gets it. This is OK - could you please tell me with a code how you would do it? I want to be sure it works and going with the debugger is time consuming if it does not. -- what you will add here? current.app.auth = auth form=current.app.auth.request_reset_password()
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I am using this: form=current.app.auth.request_reset_password() and it is in tools.py - is it possible this to be done outside tools.py?
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Not sure I understand -- are you saying you added that line to tools.py? What does you code look like? BTW, I think the onvalidation for request_reset_password didn't work because request_reset_password adds a validator to the email field that requires the submitted email address to be in the db. If the address is converted to lower at registration time, but the user enters an address containing caps on the request_reset_password form, the submitted address won't be found, and validation will fail before the onvalidation function gets called. Here's a secret -- onvalidation can be a dictionary with keys 'onsuccess' and 'onfailure'. You could create an onvalidation['onfailure'] function that handles the conversion and lookup. It should check if there's a form.errors.email, and if so, convert form.vars.email to lowercase, check to see if the converted email is in the db, and if so, delete form.errors.email. The form will then pass validation. Anthony On Friday, December 9, 2011 3:20:57 PM UTC-5, Constantine Vasil wrote: I am using this: form=current.app.auth.request_reset_password() and it is in tools.py - is it possible this to be done outside tools.py?
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
are you saying you added that line to tools.py - o no - I would not have enough understanding to do that yet, and my focus in on my project because I have a deadline. Any help with request_reset_password issue would be much appreciated. Thank you!
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Maybe: auth.settings.reset_password_onvalidation = dict(onfailure=reset_email_lower) def reset_email_lower(form): if form.errors.email: form.vars.email = form.vars.email.lower() if db(auth.table_user.email == form.vars.email).count(): del form.errors.email Anthony On Friday, December 9, 2011 4:55:13 PM UTC-5, Constantine Vasil wrote: are you saying you added that line to tools.py - o no - I would not have enough understanding to do that yet, and my focus in on my project because I have a deadline. Any help with request_reset_password issue would be much appreciated. Thank you!
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Great! Will try it now. Thank you!
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I believe this: if db(auth.table_user.email == form.vars.email).count(): should be: if (db.auth_user.email == form.vars.email).count(): Is that correct?
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
It should be: if db(auth.user.email == form.vars.email).count(): but auth.user is None because the user is logged of.
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
On Friday, December 9, 2011 6:05:09 PM UTC-5, Constantine Vasil wrote: I believe this: if db(auth.table_user.email == form.vars.email).count(): Sorry, should be auth.settings.table_user.email. auth.settings.table_user is the user table, which is typically (but need not be) db.auth_user. should be: if (db.auth_user.email == form.vars.email).count(): db.auth_user.email is fine, assuming your db connection is 'db' and your user table is 'auth_user'. Anthony
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
On Friday, December 9, 2011 6:33:54 PM UTC-5, Constantine Vasil wrote: It should be: if db(auth.user.email == form.vars.email).count(): but auth.user is None because the user is logged of. No, you're not checking whether the email is from the current logged in user, you are simply checking whether the submitted email address is in the auth_user table (i.e., the equivalent of IS_IN_DB(db, 'auth_user.email')). Anthony
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Got this error: KeyError: 'auth_user' The code is: form.vars.email = form.vars.email.lower() form_vars_email=form.vars.email table_user_email = auth.settings.table_user.email if db( table_user_email == form.vars.email).count(): del form.errors.email the table is: auth_user
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
OK - I didn't set the db right, now it work.
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
I tested this: in registration form - entered lower case email, then in login form entered email with first letter - a capital. The message was 'Invalid login'. In registration form: == auth.settings.table_user.email.requires=[ IS_LOWER(), IS_EMAIL(), IS_NOT_IN_DB(db,auth.settings.table_user.email) ] current.app.auth = auth form=current.app.auth.register() In login form == auth.settings.table_user.email.requires=[ IS_LOWER(),IS_EMAIL(), IS_NOT_IN_DB(db,auth.settings.table_user.email) ] current.app.auth = auth form=current.app.auth.login(next=login_next) ==
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
What login method are you using? I would think that would work with the standard login method, but when using alternative methods, it looks like the login() code uses request.vars[username], which would be the un-transformed password (i.e., not converted to lowercase). Anthony On Thursday, December 8, 2011 11:12:40 PM UTC-5, Constantine Vasil wrote: I tested this: in registration form - entered lower case email, then in login form entered email with first letter - a capital. The message was 'Invalid login'. In registration form: == auth.settings.table_user.email.requires=[ IS_LOWER(), IS_EMAIL(), IS_NOT_IN_DB(db,auth.settings.table_user.email) ] current.app.auth = auth form=current.app.auth.register() In login form == auth.settings.table_user.email.requires=[ IS_LOWER(),IS_EMAIL(), IS_NOT_IN_DB(db,auth.settings.table_user.email) ] current.app.auth = auth form=current.app.auth.login(next=login_next) ==
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
OK - this is working auth.settings.login_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.login(next=login_next) it works also for registration: auth.settings.register_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.register() def login_email_lower(form): form.vars.email = form.vars.email.lower() return(form) I registered with lower caps email. But when I try to enter mixed caps email in request_reset_password, it does not works and it does not shows an error message: auth.settings.reset_password_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.request_reset_password() What is the correct way to use it?
[web2py] Re: Where is the best place to make e-mail by registration and login to be converted always to lower case?
Not sure why that's not working. Regarding IS_LOWER not working for login, I think the problem might be that the login() function temporarily replaces the username field's 'requires' with just an IS_EMAIL validator. Anthony On Friday, December 9, 2011 1:23:22 AM UTC-5, Constantine Vasil wrote: OK - this is working auth.settings.login_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.login(next=login_next) it works also for registration: auth.settings.register_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.register() def login_email_lower(form): form.vars.email = form.vars.email.lower() return(form) I registered with lower caps email. But when I try to enter mixed caps email in request_reset_password, it does not works and it does not shows an error message: auth.settings.reset_password_onvalidation = login_email_lower current.app.auth = auth form=current.app.auth.request_reset_password() What is the correct way to use it?