I submitted an issue.
On Friday, December 9, 2011 11:23:04 AM UTC-5, Anthony wrote: > > I agree -- I think the auth system should convert all emails to lowercase > at all points. In particular, two accounts should not be allowed to have > the same email address, just with different cases. > > I see your confusion about the naming of IS_LOWER (there are a few other > validators like that too). Note, however, that it is a Validator object, > and like all validators, it does return a tuple of the form (value, error > message), though the error message is always None. In that sense, it is > in fact checking (or perhaps more precisely, confirming) that the value it > returns is all lowercase (of course, that's because it converts the value > to lowercase). > > Anthony > > On Friday, December 9, 2011 10:55:23 AM UTC-5, Constantine Vasil wrote: >> >> I checked the code in tools.py, the name of the function (list) >> to be executed for 'onvalidation' for request_reset_password >> is: reset_password_onvalidation (the neame is not right >> it should correspond to the name of the operation - >> request_reset_password - it should be renamed like: >> request_reset_password_onvalidation) >> >> Anyway - this is according to the login and registration way of >> working, but in the case of request_reset_password it does not >> works. >> >> auth.settings.reset_password_onvalidation = login_email_lower >> current.app.auth = auth >> form=current.app.auth.request_reset_password() >> >> Regarding IS_LOWER - the name says 'IS' which means 'check if' >> probably the name is not right because I expect something like >> TO_LOWER. Of the reasons on other post not using it is because >> of the name. >> >> Regarding tolower - if you have a Gmail account and you created >> your email with lower case, later you can login with mixed case. >> There is not a point to store the email in mixed case when it is >> used as a login (no username, no first, last name, just email/password), >> because from usability point of view it is a disaster. >> >> I tested with several users and almost in all cases the experience was >> like this. >> My app is online app which is accessible from mobile devices as well as >> from desktop. Same app, no change in layout specifically for mobile or >> desktop. >> Very simple. >> >> Now one user creates an account myemail @ gmail.com in his iPad - >> just email/password - user experience is great, it is quick, reliable, >> the user is in the system. >> >> Now same user opens up his Android phone and opens the web site address >> of my app, sees the login screen and because he just created an account, >> tries to login. Clicks on Sign In, email/password screen comes in and he >> sees >> his email whicj is (myemail @ gmail.com) like this: MyEmail (the @ >> gmail.com) is hidden >> from Andorid browser for security reasons. So he assumes it is OK because >> yes, >> this is his email an he just adds the @ gmail part. Then he tries to >> login. >> The app should pass him through because obviously that is his email >> address no matter >> the casing. So my app has to convert the email to lower case anyway. >> Before to convert to lower case MyEmail @ gmail.com was not recognized >> and >> he was frustrated because he just created his account and wonders why he >> cannot login. >> Because he badly wants to use my app, he thinks something was wrong with >> the initial >> account creation, so he clocks on Sign Up and creates an account >> with MyEmail @ gmail.com. >> I go to the Database View (GAE) and see he has now two accounts: >> MyEmail @ gmail.com and myEmail @ gmail.com. >> >> And no - this cannot be that way. The user does not cares about SMTP >> protocols, etc. >> He will abandon using my app on the spot, thinking it is insecure. >> >> I believe this is frustration experienced from many web2py users using >> the simplest >> email/password login system possible. >> >> Probably it is a good idea if Massimo looks at what I have just described >> and make >> the functionality needed login_email_lower is OK but it should work with >> request_reset_password. >> >> Thank you, >> >> Regards, >> --Constantine >> >>