Using email as login is broken #3
Comments
|
What does the login field for this account in the database contain? |
|
I've looked into it a bit more. Problem is, the url is localhost:3000/[email protected] Rails routing thinks the account parameters is giga@le-pec and the format is org The URL localhost:3000/[email protected] works ok. I see no easy way to have the url localhost:3000/[email protected] work. |
|
I think we might be able to make this work by adding a routing constraint. Nevertheless I think we should not do this. Just because one is using his email to login does not mean, that the email should be the identifier. I think we should generate a proper url slug based on the email address or something like that, but having the email address in the openid seems weird. |
|
Using constraint would work, but we would have to build a constraint that knows about the supported format of the controller. Not very DRY... What identifier do you think could be used? |
Only if your client is using the URL + extension method for denoting format - you can always pass My thoughts:
|
|
Any progress on this? |
|
Providing a patch to use a route constraint would be a trivial effort, but the maints need to make an executive decision about including it. :tumbleweed: ;-) My vote would still be to just do that, since sane clients can/should to be sending |
|
I'm not sure of the constraint itself, if you know it, perhaps submitting a pull request would expedite it? |
|
@dennisreimann said he didn't want to do that, and since I've heard nothing back since my last response, I haven't bothered with a PR. |
I can see your point, but I think that having an OpenID like https://www.le-pec.org/openid/[email protected] would also confuse those users. Like I said I don't think that's a good idea, but we also have to take care of cases that OpenIDs like that are already out there - I don't know whether or not someone already used an OpenID containing the email address, which would not work anymore after a potential change. This leaves two possibilities:
Sorry for all of that. I messed it up when merging the pull request that allowed users to use their email address as login, because it did not take into account, that the login attribute should not be the email address in that case. |
We already have an OpenID provider that uses this format. It's backed by LDAP and supports users on multiple domains, so the only canonical identifier that makes sense is email address. So, when we add an LDAP user, they already have an OpenID identity that authenticates with the same email/password combination as all the other services. The only other option I could see would be maybe being able to infer the domain part from the HTTP domain like some webmail applications do, but that's a whole other kettle of fish.
I'd suggest doing this for a start, at least it makes things work for people who are fine with that.
For my use-case, it's a lot easier to tell someone to enter I grant that my use-case is possibly atypical though. I'll also say that users in my case don't know or care what 'OpenID' is, they just put whatever details they're told to into whatever boxes they're told to. If this second option was chosen, it'd have to be optional for me, though I can see why it would be useful. |
|
Okay, go ahead and implement the routing constraint. :) |
See dennisreimann/masq#3 for more details.
|
This seems fixed now that #14 has been merged & a new version released. |
When trying to log in from masq interface with email_as_login: true in config, the user is logged in but https://www.le-pec.org/openid/[email protected] results in a 404.
The text was updated successfully, but these errors were encountered: