I checked the code in tools.py: the name of the function (list)
to be executed for 'onvalidation' for request_reset_password
is reset_password_onvalidation (the name is not right;
it should correspond to the name of the operation,
request_reset_password, so it should be renamed to
request_reset_password_onvalidation).

Anyway - this is according to the login and registration way of
working, but in the case of request_reset_password it does not
work.

    auth.settings.reset_password_onvalidation = login_email_lower
    current.app.auth = auth
    form = current.app.auth.request_reset_password()

Regarding IS_LOWER - the name says 'IS', which means 'check if';
probably the name is not right, because I expect something like
TO_LOWER. One of the reasons in the other post for not using it is
the name.

Regarding tolower - if you have a Gmail account and you created
your email with lower case, later you can log in with mixed case.
There is no point in storing the email in mixed case when it is
used as a login (no username, no first, last name, just email/password),
because from a usability point of view it is a disaster.

I tested with several users and in almost all cases the experience was
like this.
My app is an online app which is accessible from mobile devices as well as
from desktop. Same app, no change in layout specifically for mobile or
desktop.
Very simple.

Now one user creates an account myemail @ gmail.com on his iPad -
just email/password - the user experience is great, it is quick, reliable,
the user is in the system.

Now the same user opens up his Android phone and opens the web site address
of my app, sees the login screen and, because he just created an account,
tries to log in. He clicks on Sign In, the email/password screen comes up
and he sees his email, which is (myemail @ gmail.com), like this: MyEmail
(the @ gmail.com part is hidden by the Android browser for security reasons).
So he assumes it is OK because yes, this is his email, and he just adds the
@ gmail part. Then he tries to log in.
The app should pass him through because obviously that is his email address
no matter the casing. So my app has to convert the email to lower case anyway.
Before converting to lower case, MyEmail @ gmail.com was not recognized and
he was frustrated because he just created his account and wonders why he
cannot log in.
Because he badly wants to use my app, he thinks something was wrong with
the initial account creation, so he clicks on Sign Up and creates an account
with MyEmail @ gmail.com.
I go to the Database View (GAE) and see he now has two accounts:
MyEmail @ gmail.com and myEmail @ gmail.com.

And no - this cannot be that way. The user does not care about SMTP
protocols, etc.
He will abandon using my app on the spot, thinking it is insecure.

I believe this is a frustration experienced by many web2py users using the
simplest email/password login system possible.

Probably it is a good idea if Massimo looks at what I have just described
and makes the functionality needed. login_email_lower is OK, but it should
work with request_reset_password.

Thank you,

Regards,
--Constantine
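
Added example, not part of the original post and not web2py code: a small
in-memory stand-in for the user table that replays the sequence described
above (sign up, mixed-case login, second sign up, reset request) with and
without one shared lowercasing step. AccountStore, canonical_email and the
example.com addresses are hypothetical names and constructed sample data.

```python
import hashlib, hmac, os

def canonical_email(raw):
    """Single normalization step shared by register, login and reset."""
    return raw.strip().lower()

class AccountStore:
    """Hypothetical stand-in for the auth user table (not web2py's Auth)."""
    def __init__(self, normalize=canonical_email):
        self._normalize = normalize
        self._users = {}  # stored email -> (salt, password hash)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        key = self._normalize(email)
        if key in self._users:
            return False  # identity already exists, no duplicate account
        salt = os.urandom(16)
        self._users[key] = (salt, self._hash(password, salt))
        return True

    def login(self, email, password):
        record = self._users.get(self._normalize(email))
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(digest, self._hash(password, salt))

    def request_reset(self, email):
        """Return the stored address a reset mail would go to, or None."""
        key = self._normalize(email)
        return key if key in self._users else None

    def count(self):
        return len(self._users)

def replay_scenario(normalize):
    """Sign up on one device, then use a mixed-case address on another."""
    store = AccountStore(normalize)
    store.register("myemail@example.com", "s3cret-pass")  # constructed sample
    logged_in = store.login("MyEmail@example.com", "s3cret-pass")
    second_signup = store.register("MyEmail@example.com", "s3cret-pass")
    reset_target = store.request_reset("MYEMAIL@example.com")
    return logged_in, second_signup, reset_target, store.count()

if __name__ == "__main__":
    print("no normalization:", replay_scenario(lambda e: e))
    print("lowercased      :", replay_scenario(canonical_email))
```

The reset request only resolves to the existing account when it goes through
the same normalization as registration and login.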
