search

personalcancertoolkit / openmrs-module-patientportaltoolkit

Other
7 stars 9 forks source link

Allow users to login using email address #551

Closed bmamlin closed 2 weeks ago

bmamlin commented 2 months ago

In the CustomLoginPageController, before authenticating, we could check if the username contains an at sign (@) and, if so, search (case-insensitively) for a matching email address and, if found, substitute the associated username before authenticating.

PhilipAdeoye commented 1 month ago

When validating the login, we attempt to login using the username and password. If it fails, assume the username is an email address and try to find a person with that email. If a person is found with that email, get the username for that person and use it to log them in

bmamlin commented 1 month ago

When validating the login, we attempt to login using the username and password. If it fails, assume the username is an email address and try to find a person with that email. If a person is found with that email, get the username for that person and use it to log them in

Why try to log in with an email address? Usernames should never contain an at-sign and emails will always contain an at-sign, so username.contains("@") should reliably distinguish between email and non-email entries.

Wouldn't something like this work just before authentication?

if (username.contains("@")) {
  // returns original string if no user is found with given email address
  username = userWithEmailAddress(username);
}
PhilipAdeoye commented 1 month ago

Yeah, I thought about that, and it's clever and simple, but I wanted a more general solution