There should be minimal checking that email is actually an email in backend, probably using a domain.
://stackoverflow.com/questions/4908211/postgres-function-to-validate-email-address
While we're doing this, we should normalize the case of the server part of emails (after @) in case it's mis-cased in queries.
Also create a domain for handles, so they never contain "@", and never look email-like.
Finally, rewrite the login function to accept either handle or email, using the @ as a switch.
There should be minimal checking that email is actually an email in backend, probably using a domain. ://stackoverflow.com/questions/4908211/postgres-function-to-validate-email-address While we're doing this, we should normalize the case of the server part of emails (after @) in case it's mis-cased in queries. Also create a domain for handles, so they never contain "@", and never look email-like. Finally, rewrite the login function to accept either handle or email, using the @ as a switch.