Open wsanchez opened 5 years ago
Ran into this today.
We could add to the label "Case Sensitive" to make it more clear.
In addition it seems to take email address like clubhouse for my account. If this is consistently true we can change the label to indicate that your clubhouse email is OK too.
Using email as a login token also has its problems: the way an email provider treats the left side of the email (anything before the @domain) is not covered by the RFC, and left at the discretion of the provider. Thus, some providers are case insensitive @.*** is the same as Climent@), some treat periods as null (jesus.climent@ is the same as jesuscliment@), and so on.
This does not apply to us (so far we don't charge people for being rangers, and do not store credit card info), but leaving it here as an example of how bad it can get: https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user/
On Wed, 17 Jul 2024 at 23:04, Bear @.***> wrote:
Ran into this today.
We could add to the label "Case Sensitive" to make it more clear.
In addition it seems to take email address like clubhouse for my account. If this is consistently true we can change the label to indicate that your clubhouse email is OK too.
— Reply to this email directly, view it on GitHub https://github.com/burningmantech/ranger-ims-server/issues/304#issuecomment-2234282599, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFHC6EYFWMV24B5FML4QU3ZM3L2RAVCNFSM6AAAAABLBMM3N6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZUGI4DENJZHE . You are receiving this because you are subscribed to this thread.Message ID: @.***>
-- climent () gmail ! com
Since the IMS pulls credentials from the Clubhouse, the IMS should mirror the login form used. That is the IMS login form should say to the use the email address, not callsign.
Logging in with Ranger handle is case-sensitive. This confuses people.