I agree -- I think the auth system should convert all emails to lowercase at all points. In particular, two accounts should not be allowed to have the same email address, just with different cases.
I see your confusion about the naming of IS_LOWER (there are a few other validators like that too). Note, however, that it is a Validator object, and like all validators, it does return a tuple of the form (value, error message), though the error message is always None. In that sense, it is in fact checking (or perhaps more precisely, confirming) that the value it returns is all lowercase (of course, that's because it converts the value to lowercase).

Anthony

On Friday, December 9, 2011 10:55:23 AM UTC-5, Constantine Vasil wrote:
>
> I checked the code in tools.py, the name of the function (list)
> to be executed for 'onvalidation' for request_reset_password
> is: reset_password_onvalidation (the name is not right
> it should correspond to the name of the operation -
> request_reset_password - it should be renamed like:
> request_reset_password_onvalidation)
>
> Anyway - this is according to the login and registration way of
> working, but in the case of request_reset_password it does not
> work.
>
> auth.settings.reset_password_onvalidation = login_email_lower
> current.app.auth = auth
> form=current.app.auth.request_reset_password()
>
> Regarding IS_LOWER - the name says 'IS' which means 'check if'
> probably the name is not right because I expect something like
> TO_LOWER. Of the reasons on other post not using it is because
> of the name.
>
> Regarding tolower - if you have a Gmail account and you created
> your email with lower case, later you can login with mixed case.
> There is not a point to store the email in mixed case when it is
> used as a login (no username, no first, last name, just email/password),
> because from usability point of view it is a disaster.
>
> I tested with several users and almost in all cases the experience was
> like this.
> My app is online app which is accessible from mobile devices as well as
> from desktop. Same app, no change in layout specifically for mobile or
> desktop.
> Very simple.
>
> Now one user creates an account myemail @ gmail.com in his iPad -
> just email/password - user experience is great, it is quick, reliable, the
> user is in the system.
>
> Now same user opens up his Android phone and opens the web site address
> of my app, sees the login screen and because he just created an account,
> tries to login. Clicks on Sign In, email/password screen comes in and he sees
> his email which is (myemail @ gmail.com) like this: MyEmail (the @ gmail.com)
> is hidden from Android browser for security reasons. So he assumes it is OK
> because yes, this is his email and he just adds the @ gmail part. Then he
> tries to login.
> The app should pass him through because obviously that is his email
> address no matter the casing. So my app has to convert the email to lower
> case anyway.
> Before to convert to lower case MyEmail @ gmail.com was not recognized and
> he was frustrated because he just created his account and wonders why he
> cannot login.
> Because he badly wants to use my app, he thinks something was wrong with
> the initial account creation, so he clicks on Sign Up and creates an account
> with MyEmail @ gmail.com.
> I go to the Database View (GAE) and see he has now two accounts:
> MyEmail @ gmail.com and myEmail @ gmail.com.
>
> And no - this cannot be that way. The user does not care about SMTP
> protocols, etc.
> He will abandon using my app on the spot, thinking it is insecure.
>
> I believe this is frustration experienced from many web2py users using the
> simplest email/password login system possible.
>
> Probably it is a good idea if Massimo looks at what I have just described
> and make the functionality needed login_email_lower is OK but it should
> work with request_reset_password.
>
> Thank you,
>
> Regards,
> --Constantine
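
The behaviour discussed in this thread, as an added example that is not part of either message and is not web2py code: one transforming validator in the (value, error) convention is applied at registration, login and reset lookup, and a report finds stored addresses that differ only by case. The names `to_lower_email`, `AccountStore` and `case_collisions` and the example.com addresses are assumptions made up for this sketch.

```python
# Added illustration; every name here is hypothetical, not part of web2py.

def to_lower_email(value):
    """Transforming validator: returns (normalized value, None) or (value, error)."""
    if not isinstance(value, str) or value.count("@") != 1:
        return value, "invalid email"
    return value.strip().lower(), None


class AccountStore:
    """In-memory stand-in for the auth user table, keyed by normalized email."""

    def __init__(self):
        self._by_email = {}

    def register(self, email, password_hash):
        # Normalize before the uniqueness check, so a case variant is a duplicate.
        email, error = to_lower_email(email)
        if error:
            return None, error
        if email in self._by_email:
            return None, "email already registered"
        self._by_email[email] = {"email": email, "password_hash": password_hash}
        return self._by_email[email], None

    def find(self, email):
        """Single lookup shared by login and request-reset-password."""
        email, error = to_lower_email(email)
        return None if error else self._by_email.get(email)


def case_collisions(stored_emails):
    """Report already-stored addresses that differ only by case, for cleanup."""
    groups = {}
    for raw in stored_emails:
        groups.setdefault(raw.lower(), []).append(raw)
    return {key: sorted(set(v)) for key, v in groups.items() if len(set(v)) > 1}


if __name__ == "__main__":
    # Constructed sample rows, as they might look before normalization existed.
    legacy = ["MyEmail@example.com", "myEmail@example.com", "other@example.com"]
    print(case_collisions(legacy))
```

Because `find` is the only lookup path, the reset-password flow cannot drift from login in how it treats case.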