date:20211212

Case Sensitive Usernames

2021-12-12 Thread Arthur Pemberton

Especially with the ability to set USERNAME_FIELD to "email", it would be 
really useful to at least have a well documented warning that usernames are 
case-sensitive in Django.

I've been using Django for years, and even I forget that fact some times. 
Until I start Googling and come across [1].

Ideally, it would be great to have a setting (or model field) that would 
allow easy switching to case insensitive usernames.

Arthur Pemberton



[1] https://code.djangoproject.com/ticket/2273

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com.

Re: Case Sensitive Usernames

2021-12-12 Thread אורי

Hi Arthur,

I would recommend users of Django to use only lowercase usernames. And if
they insist that the username is an email address, also convert it to
lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3
separate users with email addresses u...@example.com, u...@example.com, and
u...@example.com (or even u...@example.com). Maybe it's better to add an
optional setting to enforce usernames to be lowercase. And by the way also
alphanumeric. You don't want "!@#" to be a username on your system (or the
user's name in Chinese or Hebrew).

It's interesting that this ticket is 15 years old and still not completely
resolved.

By the way, when people type their email address, some programs (including
browsers) convert the first letter to uppercase, and I have received email
addresses from people with the first letter in uppercase, although their
true address is lowercase. I don't think you want this uppercase letter to
appear on your database in the email field.

אורי
(Uri)

u...@speedy.net

On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton  wrote:

> Especially with the ability to set USERNAME_FIELD to "email", it would be
> really useful to at least have a well documented warning that usernames are
> case-sensitive in Django.
>
> I've been using Django for years, and even I forget that fact some times.
> Until I start Googling and come across [1].
>
> Ideally, it would be great to have a setting (or model field) that would
> allow easy switching to case insensitive usernames.
>
> Arthur Pemberton
>
> 
>
> [1] https://code.djangoproject.com/ticket/2273
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeHyBPNvwk-nVonZDYg%3DSeR53uAT2-GZQWpBGDyMRf1W2Q%40mail.gmail.com.

Re: Case Sensitive Usernames

2021-12-12 Thread Arthur Pemberton

A setting to convert all usernames to lowercase would be good too -- that's 
my preference overall in general. However I haven't yet seen how best that 
could/would be accomplished.

For simpler uses case where I'm just sub-classing AbstractUser and not 
customizing the auth backend, I've taken to 
overriding UserManager.get_by_natural_key to allow for case-insensitive 
logins. Though really, I probably should add a signal handler to force 
username to lowercase.

Arthur

On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:

> Hi Arthur,
>
> I would recommend users of Django to use only lowercase usernames. And if 
> they insist that the username is an email address, also convert it to 
> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3 
> separate users with email addresses u...@example.com, u...@example.com, 
> and u...@example.com (or even u...@example.com). Maybe it's better to add 
> an optional setting to enforce usernames to be lowercase. And by the way 
> also alphanumeric. You don't want "!@#" to be a username on your system (or 
> the user's name in Chinese or Hebrew).
>
> It's interesting that this ticket is 15 years old and still not completely 
> resolved.
>
> By the way, when people type their email address, some programs (including 
> browsers) convert the first letter to uppercase, and I have received email 
> addresses from people with the first letter in uppercase, although their 
> true address is lowercase. I don't think you want this uppercase letter to 
> appear on your database in the email field.
>
> אורי
> (Uri)
>
> u...@speedy.net
>
>
> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton  wrote:
>
>> Especially with the ability to set USERNAME_FIELD to "email", it would be 
>> really useful to at least have a well documented warning that usernames are 
>> case-sensitive in Django.
>>
>> I've been using Django for years, and even I forget that fact some times. 
>> Until I start Googling and come across [1].
>>
>> Ideally, it would be great to have a setting (or model field) that would 
>> allow easy switching to case insensitive usernames.
>>
>> Arthur Pemberton
>>
>> 
>>
>> [1] https://code.djangoproject.com/ticket/2273
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com.

Re: Case Sensitive Usernames

2021-12-12 Thread Kye Russell

Strong -1 on overriding user intent on capitalisation, especially for email 
addresses as the RFC stipulates that the local part of an email address is case 
sensitive, this is just rarely practiced. There are much better solutions out 
there (CI[Text|Char]FIeld in Postgres, etc) that enforce case-insensitivity 
purely for comparison operations which is where you really want it, but without 
overriding user intent wrt what case the user wants to use in their email or 
username.

Django could maybe do with easing the process of implementation for 
case-insensitive fields outside of Postgres. I’m not familiar enough with the 
other RDBMSs to know how workable that is. But the answer is certainly not 
discarding user intent.

Kye
On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton , wrote:
> A setting to convert all usernames to lowercase would be good too -- that's 
> my preference overall in general. However I haven't yet seen how best that 
> could/would be accomplished.
>
> For simpler uses case where I'm just sub-classing AbstractUser and not 
> customizing the auth backend, I've taken to overriding 
> UserManager.get_by_natural_key to allow for case-insensitive logins. Though 
> really, I probably should add a signal handler to force username to lowercase.
>
> Arthur
>
> > On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
> > > Hi Arthur,
> > >
> > > I would recommend users of Django to use only lowercase usernames. And if 
> > > they insist that the username is an email address, also convert it to 
> > > lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 
> > > 3 separate users with email addresses u...@example.com, u...@example.com, 
> > > and u...@example.com (or even u...@example.com). Maybe it's better to add 
> > > an optional setting to enforce usernames to be lowercase. And by the way 
> > > also alphanumeric. You don't want "!@#" to be a username on your system 
> > > (or the user's name in Chinese or Hebrew).
> > >
> > > It's interesting that this ticket is 15 years old and still not 
> > > completely resolved.
> > >
> > > By the way, when people type their email address, some programs 
> > > (including browsers) convert the first letter to uppercase, and I have 
> > > received email addresses from people with the first letter in uppercase, 
> > > although their true address is lowercase. I don't think you want this 
> > > uppercase letter to appear on your database in the email field.
> > >
> > > אורי
> > > (Uri)
> > >
> > > u...@speedy.net
> > >
> > >
> > > > On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton  
> > > > wrote:
> > > > > Especially with the ability to set USERNAME_FIELD to "email", it 
> > > > > would be really useful to at least have a well documented warning 
> > > > > that usernames are case-sensitive in Django.
> > > > >
> > > > > I've been using Django for years, and even I forget that fact some 
> > > > > times. Until I start Googling and come across [1].
> > > > >
> > > > > Ideally, it would be great to have a setting (or model field) that 
> > > > > would allow easy switching to case insensitive usernames.
> > > > >
> > > > > Arthur Pemberton
> > > > >
> > > > > 
> > > > >
> > > > > [1] https://code.djangoproject.com/ticket/2273
> > > > > --
> > > > > You received this message because you are subscribed to the Google 
> > > > > Groups "Django developers (Contributions to Django itself)" group.
> > > > > To unsubscribe from this group and stop receiving emails from it, 
> > > > > send an email to django-develop...@googlegroups.com.
> > > > > To view this discussion on the web visit 
> > > > > https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com.
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/2b02d741-e49d-486e-b92d-92d0e233b9e9%40Spark.

Re: Case Sensitive Usernames

2021-12-12 Thread Arthur Pemberton

Purely anecdotal, but I've never had a user intentionally signup for an 
account with a case-sensitive email address. I'm not such which users 
expect their username or email addresses to be case-sensitive.

Arthur

On Sunday, December 12, 2021 at 10:40:30 PM UTC-5 m...@kye.id.au wrote:

> Strong -1 on overriding user intent on capitalisation, especially for 
> email addresses as the RFC stipulates that *the local part of an email 
> address is case sensitive*, this is just rarely practiced. There are much 
> better solutions out there (CI[Text|Char]FIeld in Postgres, etc) that 
> enforce case-insensitivity purely for comparison operations which is where 
> you really want it, but without overriding user intent wrt what case the 
> user wants to use in their email or username.
>
> Django could maybe do with easing the process of implementation for 
> case-insensitive fields outside of Postgres. I’m not familiar enough with 
> the other RDBMSs to know how workable that is. But the answer is certainly 
> not discarding user intent. 
>
> Kye
> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton , 
> wrote:
>
> A setting to convert all usernames to lowercase would be good too -- 
> that's my preference overall in general. However I haven't yet seen how 
> best that could/would be accomplished. 
>
> For simpler uses case where I'm just sub-classing AbstractUser and not 
> customizing the auth backend, I've taken to 
> overriding UserManager.get_by_natural_key to allow for case-insensitive 
> logins. Though really, I probably should add a signal handler to force 
> username to lowercase.
>
> Arthur
>
> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>
>> Hi Arthur, 
>>
>> I would recommend users of Django to use only lowercase usernames. And if 
>> they insist that the username is an email address, also convert it to 
>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3 
>> separate users with email addresses u...@example.com, u...@example.com, 
>> and u...@example.com (or even u...@example.com). Maybe it's better to 
>> add an optional setting to enforce usernames to be lowercase. And by the 
>> way also alphanumeric. You don't want "!@#" to be a username on your system 
>> (or the user's name in Chinese or Hebrew).
>>
>> It's interesting that this ticket is 15 years old and still not 
>> completely resolved.
>>
>> By the way, when people type their email address, some programs 
>> (including browsers) convert the first letter to uppercase, and I have 
>> received email addresses from people with the first letter in uppercase, 
>> although their true address is lowercase. I don't think you want this 
>> uppercase letter to appear on your database in the email field.
>>
>> אורי
>> (Uri)
>>
>> u...@speedy.net
>>
>>
>> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton  
>> wrote:
>>
>>> Especially with the ability to set USERNAME_FIELD to "email", it would 
>>> be really useful to at least have a well documented warning that usernames 
>>> are case-sensitive in Django. 
>>>
>>> I've been using Django for years, and even I forget that fact some 
>>> times. Until I start Googling and come across [1].
>>>
>>> Ideally, it would be great to have a setting (or model field) that would 
>>> allow easy switching to case insensitive usernames.
>>>
>>> Arthur Pemberton
>>>
>>> 
>>>
>>> [1] https://code.djangoproject.com/ticket/2273
>>>
>>> --
>>> You received this message because you are subscribed to the Google 
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to django-develop...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-develop...@googlegroups.com.
>
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com
>  
> 
> .
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/39111840-1917-4036-b994-e1

Re: Case Sensitive Usernames

2021-12-12 Thread Ken Whitesell

Also a strong -1. While it is rare, it is perfectly legitimate to have a
mail server treat the name portion of an email address as being case
sensitive.

Yes, you can find a lot of wrong answers on the internet stating
otherwise, but paragraph 2.4 of RFC 5321 clearly states that the
local-part of an address is case-sensitive.

(Note: I operate a case-sensitive email server, just as a demonstration
of that standard.)

On 12/12/2021 10:32 PM, Arthur Pemberton wrote:
A setting to convert all usernames to lowercase would be good too --
that's my preference overall in general. However I haven't yet seen
how best that could/would be accomplished.

For simpler uses case where I'm just sub-classing AbstractUser and not
customizing the auth backend, I've taken to
overriding UserManager.get_by_natural_key to allow for
case-insensitive logins. Though really, I probably should add a signal
handler to force username to lowercase.

Arthur

On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:

Hi Arthur,

I would recommend users of Django to use only lowercase usernames.
And if they insist that the username is an email address, also
convert it to lowercase. Otherwise you can have 3 separate users
uri, Uri, and uRI, or 3 separate users with email addresses
u...@example.com, u...@example.com, and u...@example.com (or even
u...@example.com). Maybe it's better to add an optional setting to
enforce usernames to be lowercase. And by the way also
alphanumeric. You don't want "!@#" to be a username on your system
(or the user's name in Chinese or Hebrew).

It's interesting that this ticket is 15 years old and still not
completely resolved.

By the way, when people type their email address, some programs
(including browsers) convert the first letter to uppercase, and I
have received email addresses from people with the first letter in
uppercase, although their true address is lowercase. I don't think
you want this uppercase letter to appear on your database in the
email field.

אורי
(Uri)

u...@speedy.net

On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton
wrote:

Especially with the ability to set USERNAME_FIELD to "email",
it would be really useful to at least have a well documented
warning that usernames are case-sensitive in Django.

I've been using Django for years, and even I forget that fact
some times. Until I start Googling and come across [1].

Ideally, it would be great to have a setting (or model field)
that would allow easy switching to case insensitive usernames.

Arthur Pemberton

[1] https://code.djangoproject.com/ticket/2273

--
You received this message because you are subscribed to the

Google Groups "Django developers (Contributions to Django
itself)" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit

https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com

--
You received this message because you are subscribed to the Google
Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com
.

--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/781a95bb-7682-525c-97c3-b3e86b7b1c59%40comcast.net.

Re: Case Sensitive Usernames

2021-12-12 Thread Benny

IMO this treads dangerously close to what I call a “Django Gotcha” - There 
exist some implementations, where if you’re not paying attention, it’ll come 
back to bite you in the keister. One example would be the test runner coercing 
DEBUG=False in an effort for tests to more accurately reflect a production 
environment.

Normalization is a nightmare all on its own without having to implicitly 
introduce it.

Benny

> On Dec 12, 2021, at 9:40 PM, Kye Russell  wrote:
> 
> Strong -1 on overriding user intent on capitalisation, especially for email 
> addresses as the RFC stipulates that the local part of an email address is 
> case sensitive, this is just rarely practiced. There are much better 
> solutions out there (CI[Text|Char]FIeld in Postgres, etc) that enforce 
> case-insensitivity purely for comparison operations which is where you really 
> want it, but without overriding user intent wrt what case the user wants to 
> use in their email or username.
> 
> Django could maybe do with easing the process of implementation for 
> case-insensitive fields outside of Postgres. I’m not familiar enough with the 
> other RDBMSs to know how workable that is. But the answer is certainly not 
> discarding user intent. 
> 
> Kye
> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton , wrote:
>> A setting to convert all usernames to lowercase would be good too -- that's 
>> my preference overall in general. However I haven't yet seen how best that 
>> could/would be accomplished.
>> 
>> For simpler uses case where I'm just sub-classing AbstractUser and not 
>> customizing the auth backend, I've taken to overriding 
>> UserManager.get_by_natural_key to allow for case-insensitive logins. Though 
>> really, I probably should add a signal handler to force username to 
>> lowercase.
>> 
>> Arthur
>> 
>> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>> Hi Arthur,
>> 
>> I would recommend users of Django to use only lowercase usernames. And if 
>> they insist that the username is an email address, also convert it to 
>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3 
>> separate users with email addresses u...@example.com 
>> , u...@example.com 
>> , and u...@example.com 
>>  (or even 
>> u...@example.com). Maybe it's better to add an optional setting to enforce 
>> usernames to be lowercase. And by the way also alphanumeric. You don't want 
>> "!@#" to be a username on your system (or the user's name in Chinese or 
>> Hebrew).
>> 
>> It's interesting that this ticket is 15 years old and still not completely 
>> resolved.
>> 
>> By the way, when people type their email address, some programs (including 
>> browsers) convert the first letter to uppercase, and I have received email 
>> addresses from people with the first letter in uppercase, although their 
>> true address is lowercase. I don't think you want this uppercase letter to 
>> appear on your database in the email field.
>> 
>> אורי
>> (Uri)
>> 
>> u...@speedy.net 
>> 
>> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton > > wrote:
>> Especially with the ability to set USERNAME_FIELD to "email", it would be 
>> really useful to at least have a well documented warning that usernames are 
>> case-sensitive in Django.
>> 
>> I've been using Django for years, and even I forget that fact some times. 
>> Until I start Googling and come across [1].
>> 
>> Ideally, it would be great to have a setting (or model field) that would 
>> allow easy switching to case insensitive usernames.
>> 
>> Arthur Pemberton
>> 
>> 
>> 
>> [1] https://code.djangoproject.com/ticket/2273 
>> 
>> 
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
>>  
>> .
>> 
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-developers+unsubscr...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com
>>  
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Group

Re: Case Sensitive Usernames

2021-12-12 Thread Arthur Pemberton

The current behaviour is an undocumented gotcha. It should at least be
mentioned in the documentation. Very few major login based platforms are
case sensitive, so it should be at least mentioned in the documentation
that by default applications built with Django would be different in that
regard.

Arthur

On Sun, 12 Dec 2021 at 23:01, Benny  wrote:

> IMO this treads dangerously close to what I call a “Django Gotcha” - There
> exist some implementations, where if you’re not paying attention, it’ll
> come back to bite you in the keister. One example would be the test runner
> coercing DEBUG=False in an effort for tests to more accurately reflect a
> production environment.
>
> Normalization is a nightmare all on its own without having to implicitly
> introduce it.
>
> Benny
>
> On Dec 12, 2021, at 9:40 PM, Kye Russell  wrote:
>
> Strong -1 on overriding user intent on capitalisation, especially for
> email addresses as the RFC stipulates that *the local part of an email
> address is case sensitive*, this is just rarely practiced. There are much
> better solutions out there (CI[Text|Char]FIeld in Postgres, etc) that
> enforce case-insensitivity purely for comparison operations which is where
> you really want it, but without overriding user intent wrt what case the
> user wants to use in their email or username.
>
> Django could maybe do with easing the process of implementation for
> case-insensitive fields outside of Postgres. I’m not familiar enough with
> the other RDBMSs to know how workable that is. But the answer is certainly
> not discarding user intent.
>
> Kye
> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton ,
> wrote:
>
> A setting to convert all usernames to lowercase would be good too --
> that's my preference overall in general. However I haven't yet seen how
> best that could/would be accomplished.
>
> For simpler uses case where I'm just sub-classing AbstractUser and not
> customizing the auth backend, I've taken to
> overriding UserManager.get_by_natural_key to allow for case-insensitive
> logins. Though really, I probably should add a signal handler to force
> username to lowercase.
>
> Arthur
>
> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>
>> Hi Arthur,
>>
>> I would recommend users of Django to use only lowercase usernames. And if
>> they insist that the username is an email address, also convert it to
>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3
>> separate users with email addresses u...@example.com, u...@example.com,
>> and u...@example.com (or even u...@example.com). Maybe it's better to
>> add an optional setting to enforce usernames to be lowercase. And by the
>> way also alphanumeric. You don't want "!@#" to be a username on your system
>> (or the user's name in Chinese or Hebrew).
>>
>> It's interesting that this ticket is 15 years old and still not
>> completely resolved.
>>
>> By the way, when people type their email address, some programs
>> (including browsers) convert the first letter to uppercase, and I have
>> received email addresses from people with the first letter in uppercase,
>> although their true address is lowercase. I don't think you want this
>> uppercase letter to appear on your database in the email field.
>>
>> אורי
>> (Uri)
>>
>> u...@speedy.net
>>
>>
>> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton 
>> wrote:
>>
>>> Especially with the ability to set USERNAME_FIELD to "email", it would
>>> be really useful to at least have a well documented warning that usernames
>>> are case-sensitive in Django.
>>>
>>> I've been using Django for years, and even I forget that fact some
>>> times. Until I start Googling and come across [1].
>>>
>>> Ideally, it would be great to have a setting (or model field) that would
>>> allow easy switching to case insensitive usernames.
>>>
>>> Arthur Pemberton
>>>
>>> 
>>>
>>> [1] https://code.djangoproject.com/ticket/2273
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/9a5e1df3-778d-4993-8c32-57870fafd8f9n%40googlegroups.com
>>> 
>>> .
>>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/c2bb1b2f-e1ac-4770-8989-ebb0fdc47a2cn%40googlegroups.com
>

Re: Case Sensitive Usernames

2021-12-12 Thread Benny

That’s a matter of perspective - RFC 5321 documents it pretty well. While I 
agree that, speculatively, the majority of servers may normalize emails to 
lower-case, it’s not officially recognized. I’m a fan of exhaustive 
documentation, but this is a standard set by an arguably higher authority.

Benny

> On Dec 12, 2021, at 10:15 PM, Arthur Pemberton  wrote:
> 
> The current behaviour is an undocumented gotcha. It should at least be 
> mentioned in the documentation. Very few major login based platforms are case 
> sensitive, so it should be at least mentioned in the documentation that by 
> default applications built with Django would be different in that regard.
> 
> Arthur
> 
> On Sun, 12 Dec 2021 at 23:01, Benny  > wrote:
> IMO this treads dangerously close to what I call a “Django Gotcha” - There 
> exist some implementations, where if you’re not paying attention, it’ll come 
> back to bite you in the keister. One example would be the test runner 
> coercing DEBUG=False in an effort for tests to more accurately reflect a 
> production environment.
> 
> Normalization is a nightmare all on its own without having to implicitly 
> introduce it.
> 
> Benny
> 
>> On Dec 12, 2021, at 9:40 PM, Kye Russell > > wrote:
>> 
>> Strong -1 on overriding user intent on capitalisation, especially for email 
>> addresses as the RFC stipulates that the local part of an email address is 
>> case sensitive, this is just rarely practiced. There are much better 
>> solutions out there (CI[Text|Char]FIeld in Postgres, etc) that enforce 
>> case-insensitivity purely for comparison operations which is where you 
>> really want it, but without overriding user intent wrt what case the user 
>> wants to use in their email or username.
>> 
>> Django could maybe do with easing the process of implementation for 
>> case-insensitive fields outside of Postgres. I’m not familiar enough with 
>> the other RDBMSs to know how workable that is. But the answer is certainly 
>> not discarding user intent. 
>> 
>> Kye
>> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton > >, wrote:
>>> A setting to convert all usernames to lowercase would be good too -- that's 
>>> my preference overall in general. However I haven't yet seen how best that 
>>> could/would be accomplished.
>>> 
>>> For simpler uses case where I'm just sub-classing AbstractUser and not 
>>> customizing the auth backend, I've taken to overriding 
>>> UserManager.get_by_natural_key to allow for case-insensitive logins. Though 
>>> really, I probably should add a signal handler to force username to 
>>> lowercase.
>>> 
>>> Arthur
>>> 
>>> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>>> Hi Arthur,
>>> 
>>> I would recommend users of Django to use only lowercase usernames. And if 
>>> they insist that the username is an email address, also convert it to 
>>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3 
>>> separate users with email addresses u...@example.com <>, u...@example.com 
>>> <>, and u...@example.com <> (or even u...@example.com 
>>> ). Maybe it's better to add an optional setting to 
>>> enforce usernames to be lowercase. And by the way also alphanumeric. You 
>>> don't want "!@#" to be a username on your system (or the user's name in 
>>> Chinese or Hebrew).
>>> 
>>> It's interesting that this ticket is 15 years old and still not completely 
>>> resolved.
>>> 
>>> By the way, when people type their email address, some programs (including 
>>> browsers) convert the first letter to uppercase, and I have received email 
>>> addresses from people with the first letter in uppercase, although their 
>>> true address is lowercase. I don't think you want this uppercase letter to 
>>> appear on your database in the email field.
>>> 
>>> אורי
>>> (Uri)
>>> 
>>> u...@speedy.net <>
>>> 
>>> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton > 
>>> wrote:
>>> Especially with the ability to set USERNAME_FIELD to "email", it would be 
>>> really useful to at least have a well documented warning that usernames are 
>>> case-sensitive in Django.
>>> 
>>> I've been using Django for years, and even I forget that fact some times. 
>>> Until I start Googling and come across [1].
>>> 
>>> Ideally, it would be great to have a setting (or model field) that would 
>>> allow easy switching to case insensitive usernames.
>>> 
>>> Arthur Pemberton
>>> 
>>> 
>>> 
>>> [1] https://code.djangoproject.com/ticket/2273 
>>> 
>>> 
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to django-develop...@googlegroups.com <>.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/django-developers/9a5e1df3

Re: Case Sensitive Usernames

2021-12-12 Thread אורי

Hi,

As far as I know, Google, which runs mail servers for about 85% of users
worldwide (Gmail + Workspace users), email addresses and usernames are case
insensitive. So if you send me for example an email to u...@speedy.net, I
will receive it. Although according to the RFC it should have been bounced
(actually I'm not sure, maybe it's up to the domain manager (speedy.net /
gmail.com) to decide if to bounce it or not). This is a de-facto standard -
I know companies that always send me mail to my email address in uppercase,
and I think they do it to all of their customers. I don't think they have
delivery problems with customers.

אורי
u...@speedy.net


On Mon, Dec 13, 2021 at 6:39 AM Benny  wrote:

> That’s a matter of perspective - RFC 5321 documents it pretty well. While
> I agree that, speculatively, the majority of servers may normalize emails
> to lower-case, it’s not officially recognized. I’m a fan of exhaustive
> documentation, but this is a standard set by an arguably higher authority.
>
> Benny
>
> On Dec 12, 2021, at 10:15 PM, Arthur Pemberton  wrote:
>
> The current behaviour is an undocumented gotcha. It should at least be
> mentioned in the documentation. Very few major login based platforms are
> case sensitive, so it should be at least mentioned in the documentation
> that by default applications built with Django would be different in that
> regard.
>
> Arthur
>
> On Sun, 12 Dec 2021 at 23:01, Benny  wrote:
>
>> IMO this treads dangerously close to what I call a “Django Gotcha” -
>> There exist some implementations, where if you’re not paying attention,
>> it’ll come back to bite you in the keister. One example would be the test
>> runner coercing DEBUG=False in an effort for tests to more accurately
>> reflect a production environment.
>>
>> Normalization is a nightmare all on its own without having to implicitly
>> introduce it.
>>
>> Benny
>>
>> On Dec 12, 2021, at 9:40 PM, Kye Russell  wrote:
>>
>> Strong -1 on overriding user intent on capitalisation, especially for
>> email addresses as the RFC stipulates that *the local part of an email
>> address is case sensitive*, this is just rarely practiced. There are
>> much better solutions out there (CI[Text|Char]FIeld in Postgres, etc) that
>> enforce case-insensitivity purely for comparison operations which is where
>> you really want it, but without overriding user intent wrt what case the
>> user wants to use in their email or username.
>>
>> Django could maybe do with easing the process of implementation for
>> case-insensitive fields outside of Postgres. I’m not familiar enough with
>> the other RDBMSs to know how workable that is. But the answer is certainly
>> not discarding user intent.
>>
>> Kye
>> On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton ,
>> wrote:
>>
>> A setting to convert all usernames to lowercase would be good too --
>> that's my preference overall in general. However I haven't yet seen how
>> best that could/would be accomplished.
>>
>> For simpler uses case where I'm just sub-classing AbstractUser and not
>> customizing the auth backend, I've taken to
>> overriding UserManager.get_by_natural_key to allow for case-insensitive
>> logins. Though really, I probably should add a signal handler to force
>> username to lowercase.
>>
>> Arthur
>>
>> On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
>>
>>> Hi Arthur,
>>>
>>> I would recommend users of Django to use only lowercase usernames. And
>>> if they insist that the username is an email address, also convert it to
>>> lowercase. Otherwise you can have 3 separate users uri, Uri, and uRI, or 3
>>> separate users with email addresses u...@example.com, u...@example.com,
>>> and u...@example.com (or even u...@example.com ).
>>> Maybe it's better to add an optional setting to enforce usernames to be
>>> lowercase. And by the way also alphanumeric. You don't want "!@#" to be a
>>> username on your system (or the user's name in Chinese or Hebrew).
>>>
>>> It's interesting that this ticket is 15 years old and still not
>>> completely resolved.
>>>
>>> By the way, when people type their email address, some programs
>>> (including browsers) convert the first letter to uppercase, and I have
>>> received email addresses from people with the first letter in uppercase,
>>> although their true address is lowercase. I don't think you want this
>>> uppercase letter to appear on your database in the email field.
>>>
>>> אורי
>>> (Uri)
>>>
>>> u...@speedy.net
>>>
>>>
>>> On Sun, Dec 12, 2021 at 6:02 PM Arthur Pemberton 
>>> wrote:
>>>
 Especially with the ability to set USERNAME_FIELD to "email", it would
 be really useful to at least have a well documented warning that usernames
 are case-sensitive in Django.

 I've been using Django for years, and even I forget that fact some
 times. Until I start Googling and come across [1].

 Ideally, it would be great to have a setting (or model field) that
 would allow easy switc

Re: Case Sensitive Usernames

2021-12-12 Thread Kye Russell

The RFC does not specifically disallow case-insensitive email addresses, no.

This all feels like a moot point. Messing with user data (read: not rejecting 
it) before it hits the database for ‘technical’ reasons is certainly swimming 
against the tide. You hardly ever see it these days. If you need 
case-insensitive comparison of email addresses (e.g. for an auth check), then 
just do a case-insensitive comparison. This is why things like 
CI[Text/Char/Email]Field exist. If we are appealing to authority, Gmail’s new 
account sign up form preserves user case.

Kye
On 13 Dec 2021, 12:52 PM +0800, אורי , wrote:
> Hi,
>
> As far as I know, Google, which runs mail servers for about 85% of users 
> worldwide (Gmail + Workspace users), email addresses and usernames are case 
> insensitive. So if you send me for example an email to u...@speedy.net, I 
> will receive it. Although according to the RFC it should have been bounced 
> (actually I'm not sure, maybe it's up to the domain manager (speedy.net / 
> gmail.com) to decide if to bounce it or not). This is a de-facto standard - I 
> know companies that always send me mail to my email address in uppercase, and 
> I think they do it to all of their customers. I don't think they have 
> delivery problems with customers.
>
> אורי
> u...@speedy.net
>
>
> > On Mon, Dec 13, 2021 at 6:39 AM Benny  wrote:
> > > That’s a matter of perspective - RFC 5321 documents it pretty well. While 
> > > I agree that, speculatively, the majority of servers may normalize emails 
> > > to lower-case, it’s not officially recognized. I’m a fan of exhaustive 
> > > documentation, but this is a standard set by an arguably higher authority.
> > >
> > > Benny
> > >
> > > > On Dec 12, 2021, at 10:15 PM, Arthur Pemberton  
> > > > wrote:
> > > >
> > > > The current behaviour is an undocumented gotcha. It should at least be 
> > > > mentioned in the documentation. Very few major login based platforms 
> > > > are case sensitive, so it should be at least mentioned in the 
> > > > documentation that by default applications built with Django would be 
> > > > different in that regard.
> > > >
> > > > Arthur
> > > >
> > > > > On Sun, 12 Dec 2021 at 23:01, Benny  wrote:
> > > > > > IMO this treads dangerously close to what I call a “Django Gotcha” 
> > > > > > - There exist some implementations, where if you’re not paying 
> > > > > > attention, it’ll come back to bite you in the keister. One example 
> > > > > > would be the test runner coercing DEBUG=False in an effort for 
> > > > > > tests to more accurately reflect a production environment.
> > > > > >
> > > > > > Normalization is a nightmare all on its own without having to 
> > > > > > implicitly introduce it.
> > > > > >
> > > > > > Benny
> > > > > >
> > > > > > > On Dec 12, 2021, at 9:40 PM, Kye Russell  wrote:
> > > > > > >
> > > > > > > Strong -1 on overriding user intent on capitalisation, especially 
> > > > > > > for email addresses as the RFC stipulates that the local part of 
> > > > > > > an email address is case sensitive, this is just rarely 
> > > > > > > practiced. There are much better solutions out there 
> > > > > > > (CI[Text|Char]FIeld in Postgres, etc) that enforce 
> > > > > > > case-insensitivity purely for comparison operations which is 
> > > > > > > where you really want it, but without overriding user intent wrt 
> > > > > > > what case the user wants to use in their email or username.
> > > > > > >
> > > > > > > Django could maybe do with easing the process of implementation 
> > > > > > > for case-insensitive fields outside of Postgres. I’m not familiar 
> > > > > > > enough with the other RDBMSs to know how workable that is. But 
> > > > > > > the answer is certainly not discarding user intent.
> > > > > > >
> > > > > > > Kye
> > > > > > > On 13 Dec 2021, 11:32 AM +0800, Arthur Pemberton 
> > > > > > > , wrote:
> > > > > > > > A setting to convert all usernames to lowercase would be good 
> > > > > > > > too -- that's my preference overall in general. However I 
> > > > > > > > haven't yet seen how best that could/would be accomplished.
> > > > > > > >
> > > > > > > > For simpler uses case where I'm just sub-classing AbstractUser 
> > > > > > > > and not customizing the auth backend, I've taken to overriding 
> > > > > > > > UserManager.get_by_natural_key to allow for case-insensitive 
> > > > > > > > logins. Though really, I probably should add a signal handler 
> > > > > > > > to force username to lowercase.
> > > > > > > >
> > > > > > > > Arthur
> > > > > > > >
> > > > > > > > > On Sunday, December 12, 2021 at 11:21:32 AM UTC-5 Uri wrote:
> > > > > > > > > > Hi Arthur,
> > > > > > > > > >
> > > > > > > > > > I would recommend users of Django to use only lowercase 
> > > > > > > > > > usernames. And if they insist that the username is an email 
> > > > > > > > > > address, also convert it to lowercase. Otherwise you can 
> > > > > > > > > > have 3 separate users uri, Uri, and uRI, or 3 separate 
> > > > > > > >

Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

Re: Case Sensitive Usernames

11 matches

Site Navigation

Mail list logo

Footer information