#7591 closed Uncategorized (fixed)
Authenticate By Email Support
Reported by: | Owned by: | anonymous | |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | authenticate, email, login |
Cc: | Triage Stage: | Design decision needed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Sometimes authenticating by email/password is preferable to username/password. Many sites today (including Google) use the email/passwprd method. Django authentication should support email and username authentication simultaneously (by developers choice).
The developer of a site will be responsible for picking which authentication method works best, the framework should support both.
Again discussion and more information at:
Attachments (1)
Change History (15)
by , 16 years ago
Attachment: | email_auth.diff added |
---|
comment:1 by , 16 years ago
Has patch: | set |
---|---|
Owner: | set to |
Status: | new → assigned |
Triage Stage: | Unreviewed → Design decision needed |
comment:2 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | assigned → new |
comment:3 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 16 years ago
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
comment:5 by , 16 years ago
Couldn't you make your own view that takes in an e-mail address and password, and authenticates from there?
comment:6 by , 16 years ago
Why was authentication by username chosen over email, and why is it so exclusive? Why not support both from the same point in the code?
Sorry, not sure what the benefit of creating a new backend is (enough to offset code bloat)? Or the drawback of the patch above?
Insight appreciated for the sake of getting a better understanding of the framework...
follow-up: 8 comment:7 by , 16 years ago
The patch does not support the case where 2 users have the same email address, and as is will actually produce a 500 internal server error. This case is completely possible in the Django Users table (there is no UNIQUE constraint on the email address), and I'm a strong -1 on changing that because of the following use cases:
- Married couples often share an email address (I have multiple instances of this in one of my live sites)
- Sometimes users might want different 'personas' for logging in to a site, but the same email address.
So, this patch needs work at the very least, but I'm not sure if it is even fixable. There is no way of knowing which of the usernames sharing an email address should be picked, so you would have pick none. But if the framework advertises that it can support logging in by (username, password) or (email, password) then it should do so without bugs out of the box. But for logging in by email to work reliably, you have to add a constraint to the users database table.
follow-up: 9 comment:8 by , 16 years ago
Although it is not always possible to use e-mail account as the username, there are application domains where it is perfectly valid and helpful for the end users. It would be a good option to have, and the caveats should be clearly described in the documentation.
comment:9 by , 16 years ago
Replying to haavikko@gmail.com:
It is already an option -- you can roll your own view and do it there, very easily.
follow-up: 11 comment:10 by , 16 years ago
Not sure if that's a material for separate bug, or just part of this one.
Why does django accept user name with '@' in the model, but refuses to allow to operate on such account from the panel later? Should a form be more restrictive than the model is?
We're currently rolling out an app for our project which uses double account system (local django authentication + LDAP based) and in such case, we'll have a lot of accounts with user name being an email.
Now, we can add/remove/use those accounts but editing them from django admin panel is unavailable.
Should I open a separate bug on this?
comment:11 by , 16 years ago
Replying to zbraniecki:
Should I open a separate bug on this?
It's a separate bug, but really it is part of 'model validation', which is in the works, so I wouldn't bother opening a bug about it. It's well known that admin forms can impose extra validation that the model itself does not.
comment:12 by , 13 years ago
Easy pickings: | unset |
---|---|
Severity: | → Normal |
Type: | → Uncategorized |
UI/UX: | unset |
#16709 was a duplicate.
comment:14 by , 11 years ago
Resolution: | wontfix → fixed |
---|
Since this shows up in search and has been fixed, its best to document it here.
This has been fixed with the implementation of custom authentication:
This is why Django has pluggable authentication backends.