uwhumansvszombies/uwhvz

Store or verify emails as case-sensitive

Opened this issue · 7 comments

ftick commented

Issues were had when "Lcbantoto@gmail.com" was assigned mod status, but logging in with "lcbantoto@gmail.com" didn't allow me to use any mod tools. This might relate to people not being able to sign in.

I haven't looked much into how it's stored in DB, but ideally every email address should be stored as lowercase, with verification being a non-case-sensitive comparison.

tso commented

The issue as you've described it shouldn't, and doesn't exist as far as I'm aware. There's likely another explanation for why this has occurred. If you'd like to describe what steps I can do to reproduce it I'll provide a fix.

Secondly, it's not clear whether or not the non-domain part of an email should be case sensitive. I've defaulted to using Django's default authentication mechanism which has the non-domain part case sensitive. I'm sure that there are many GitHub issues on Django which discuss this choice, but they've put in a lot of work and effort in deciding it, so I trust their decision.

More information here: https://stackoverflow.com/questions/9807909/are-email-addresses-case-sensitive

ftick commented

Ok. Do we know what the issue was, then? If it's unrelated then another ticket should be created and this one should be closed.

@tso This is because we're currently using Django's EmailField for validating emails, which does not do case-sensitive comparisons and treats any changes to the non-domain portions of the email as a separate email.

ftick commented

I think enough users work off the assumption that emails are case sensitive, that a message under "EMAIL" should be included on the sign-in page.

tso commented

I assume you mean "I think enough users work off the assumption that emails are case sensitive".

I don't care about this issue to be honest. Users won't be able to sign in if they use the wrong case. It's more correct to have it be case sensitive, as per the email RFC spec, but I don't mind if we make the app entirely case insensitive.

We should open another issue about being able to let players add emails that sign into their account and, potentially, change their primary email. It'd probably have to be a v2 project but imo I'm not sure what the solution is to check for case errors in emails that could be duplicate.

@tso After further investigation, I think we should do something as described in this Stack Exchange answer, where we store emails as case-sensitive, verify during signup & login as case-insensitive, and send emails as case-sensitive. Many people typo their emails, and the chances that Steve@example.com and steve@example.com are the same person are much higher than the possibility that they're two different people. Also, both Microsoft Outlook and Gmail ignore case sensitivity when creating and verifying emails from signup & signin.

This should also tie in with #54, where users can also view what their email is and be able to change their own typos when necessary so we don't have to do extra work to modify the DB (and potentially, add multiple verified emails they can sign in on?)
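
The approach proposed in the last comment (store the address as entered, compare case-insensitively at signup and login, send to the stored form), as an added example that is not code from the uwhvz project. It uses SQLite rather than the project's Django models, and the table, column and function names are hypothetical.

```python
import sqlite3

def open_db():
    # Constructed in-memory schema; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        # Stored exactly as typed; NOCASE makes equality and the UNIQUE
        # constraint ignore case (SQLite folds ASCII letters only).
        " email TEXT NOT NULL UNIQUE COLLATE NOCASE,"
        " is_mod INTEGER NOT NULL DEFAULT 0)"
    )
    return db

def sign_up(db, email):
    """Create an account; False if the address exists in any casing."""
    try:
        with db:
            db.execute("INSERT INTO users (email) VALUES (?)", (email.strip(),))
        return True
    except sqlite3.IntegrityError:
        return False

def find_user(db, email):
    """Login lookup ignoring case; returns (id, stored_email, is_mod) or None."""
    return db.execute(
        "SELECT id, email, is_mod FROM users WHERE email = ?", (email.strip(),)
    ).fetchone()

def grant_mod(db, email):
    """Grant mod status by address; returns the number of accounts updated."""
    with db:
        cur = db.execute(
            "UPDATE users SET is_mod = 1 WHERE email = ?", (email.strip(),)
        )
    return cur.rowcount

def demo():
    db = open_db()
    created = sign_up(db, "Steve@example.com")      # constructed sample address
    duplicate = sign_up(db, "steve@example.com")    # same mailbox, other casing
    updated = grant_mod(db, "STEVE@example.com")    # admin types a third casing
    user = find_user(db, "steve@example.com")       # user logs in in lowercase
    return created, duplicate, updated, user

if __name__ == "__main__":
    print(demo())
```

The row returned at login carries the address in its original casing, which is the form to use when sending mail.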