pow-auth / pow

Robust, modular, and extendable user authentication system
https://powauth.com
MIT License
1.58k stars 152 forks

Maintain case when storing emails #688

Open ghost opened 1 year ago

ghost commented 1 year ago

When I register with an email with upper case letters, they are converted to lowercase.

This is happening here

I want to maintain the upper case letters. Is there a simple way to allow for this?

danschultzer commented 1 year ago

There's no way to do it now, but I could make it configurable. It's important to note that the user id MUST be case insensitive, hence why it gets lowercased by default: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#user-ids

There's no easy way to ensure the Ecto field/column is case insensitive, while not limiting the underlying database. And I wonder if making the normalization function configurable is the right approach. Why do you want it to maintain the case?

ghost commented 1 year ago

I have some users in my application who type their emails using uppercase letters. They complained about seeing their emails modified within the app.

More importantly though, from RFC 5321, section 2.3.11, the part before the "@" could be case-sensitive, since it is entirely under the control of the host system. This basically means that in rare cases, email delivery will fail for emails that needed to have upper case letters, and in my app I do send emails
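The two requirements raised in this thread (a case-insensitive user id, and an email address kept exactly as the user typed it) can both be met by storing two values. The following is an added example, not code from the thread or from Pow; the module `EmailCaseExample`, its functions, and the in-memory map standing in for a database table are hypothetical.

```elixir
defmodule EmailCaseExample do
  # Hypothetical module for illustration; not part of Pow.

  # Lookup key: trimmed and lowercased, so "Alice@Example.com" and
  # "alice@example.com" identify the same account.
  def lookup_key(email), do: email |> String.trim() |> String.downcase()

  # Registers a user in `users`, a map of lookup_key => stored email.
  # The stored value keeps the case the user typed (for display and delivery),
  # while uniqueness is enforced on the normalized key.
  def register(users, email) do
    key = lookup_key(email)

    if Map.has_key?(users, key) do
      {:error, :already_taken}
    else
      {:ok, Map.put(users, key, String.trim(email))}
    end
  end

  # Case-insensitive lookup that returns the email as originally entered.
  def fetch(users, email), do: Map.fetch(users, lookup_key(email))
end

# Constructed sample input. Each match below raises if the result differs.
{:ok, users} = EmailCaseExample.register(%{}, "John.Doe@Example.com")

# A second registration that differs only in case is rejected, so two
# accounts cannot share what is effectively the same user id.
{:error, :already_taken} = EmailCaseExample.register(users, "john.doe@example.com")

# Login input in any case finds the account; the stored email keeps its case.
{:ok, "John.Doe@Example.com"} = EmailCaseExample.fetch(users, " JOHN.DOE@example.COM ")
```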