Bug #4906
closedCase insensitive identity comparison in Wt::Auth
0%
Description
Comparison of identities (e.g. user name, email address, ...) should be case insensitive.
Updated by Roel Standaert almost 8 years ago
- Status changed from New to Implemented @Emweb
It's case insensitive now for e-mail addresses (in the Wt::Dbo implementation of the user database), if the AuthService is passed to the UserDatabase.
Updated by Koen Deforche almost 8 years ago
- Status changed from Implemented @Emweb to Resolved
Updated by Koen Deforche almost 8 years ago
- Status changed from Resolved to Closed
Updated by Stefan Hendrickx about 4 years ago
This issue appears to be resolved for email addresses, but not for username?
Updated by Roel Standaert about 4 years ago
Commit 0a57164a976214e0479eac520080017150323ddb indeed makes it case insensitive for email addresses only, so it's been like that since Wt 3.3.6. This is because email addresses are generally case insensitive (even though technically only the hostname part is defined as being case insensitive).
Making the identity case insensitive in general would be a significant behavioral change. I think we'd have to make it optional.
Updated by Roel Standaert about 4 years ago
It's probably best that you override UserDatabase::findWithIdentity for this purpose, since we can't do it in general.