Opened 16 years ago

Closed 16 years ago

Last modified 11 years ago

#7591 closed Uncategorized (fixed)

Authenticate By Email Support

Reported by: Paul Kenjora <pkenjora@…> Owned by: anonymous
Component: contrib.auth Version: dev
Severity: Normal Keywords: authenticate, email, login
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Sometimes authenticating by email/password is preferable to username/password. Many sites today (including Google) use the email/passwprd method. Django authentication should support email and username authentication simultaneously (by developers choice).

The developer of a site will be responsible for picking which authentication method works best, the framework should support both.

Again discussion and more information at:

http://blog.awarelabs.com/?p=59

Attachments (1)

email_auth.diff (922 bytes ) - added by Paul Kenjora <pkenjora@…> 16 years ago.

Download all attachments as: .zip

Change History (15)

by Paul Kenjora <pkenjora@…>, 16 years ago

Attachment: email_auth.diff added

comment:1 by Paul Kenjora <pkenjora@…>, 16 years ago

Has patch: set
Owner: set to anonymous
Status: newassigned
Triage Stage: UnreviewedDesign decision needed

comment:2 by Paul Kenjora <pkenjora@…>, 16 years ago

Owner: changed from anonymous to Paul Kenjora
Status: assignednew

comment:3 by Paul Kenjora <pkenjora@…>, 16 years ago

Owner: changed from Paul Kenjora to anonymous
Status: newassigned

comment:4 by Jacob, 16 years ago

Resolution: wontfix
Status: assignedclosed

This is why Django has pluggable authentication backends.

comment:5 by anonymous, 16 years ago

Couldn't you make your own view that takes in an e-mail address and password, and authenticates from there?

comment:6 by Paul Kenjora <pkenjora@…>, 16 years ago

Why was authentication by username chosen over email, and why is it so exclusive? Why not support both from the same point in the code?

Sorry, not sure what the benefit of creating a new backend is (enough to offset code bloat)? Or the drawback of the patch above?

Insight appreciated for the sake of getting a better understanding of the framework...

comment:7 by Luke Plant, 16 years ago

The patch does not support the case where 2 users have the same email address, and as is will actually produce a 500 internal server error. This case is completely possible in the Django Users table (there is no UNIQUE constraint on the email address), and I'm a strong -1 on changing that because of the following use cases:

  • Married couples often share an email address (I have multiple instances of this in one of my live sites)
  • Sometimes users might want different 'personas' for logging in to a site, but the same email address.

So, this patch needs work at the very least, but I'm not sure if it is even fixable. There is no way of knowing which of the usernames sharing an email address should be picked, so you would have pick none. But if the framework advertises that it can support logging in by (username, password) or (email, password) then it should do so without bugs out of the box. But for logging in by email to work reliably, you have to add a constraint to the users database table.

in reply to:  7 ; comment:8 by haavikko@…, 16 years ago

Although it is not always possible to use e-mail account as the username, there are application domains where it is perfectly valid and helpful for the end users. It would be a good option to have, and the caveats should be clearly described in the documentation.

in reply to:  8 comment:9 by anonymous, 16 years ago

Replying to haavikko@gmail.com:

It is already an option -- you can roll your own view and do it there, very easily.

comment:10 by Zbigniew Braniecki, 16 years ago

Not sure if that's a material for separate bug, or just part of this one.
Why does django accept user name with '@' in the model, but refuses to allow to operate on such account from the panel later? Should a form be more restrictive than the model is?

We're currently rolling out an app for our project which uses double account system (local django authentication + LDAP based) and in such case, we'll have a lot of accounts with user name being an email.
Now, we can add/remove/use those accounts but editing them from django admin panel is unavailable.
Should I open a separate bug on this?

in reply to:  10 comment:11 by Luke Plant, 16 years ago

Replying to zbraniecki:

Should I open a separate bug on this?

It's a separate bug, but really it is part of 'model validation', which is in the works, so I wouldn't bother opening a bug about it. It's well known that admin forms can impose extra validation that the model itself does not.

comment:12 by Aymeric Augustin, 13 years ago

Easy pickings: unset
Severity: Normal
Type: Uncategorized
UI/UX: unset

#16709 was a duplicate.

comment:13 by Jacob, 13 years ago

milestone: 1.0 beta

Milestone 1.0 beta deleted

comment:14 by pkenjora@…, 11 years ago

Resolution: wontfixfixed

Since this shows up in search and has been fixed, its best to document it here.

This has been fixed with the implementation of custom authentication:

https://docs.djangoproject.com/en/dev/topics/auth/customizing/

Note: See TracTickets for help on using tickets.
Back to Top