Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login should automatically try lowercase usernames if the first attempt at login fails #5446

Closed
ara4n opened this issue Oct 26, 2017 · 7 comments
Closed

Login should automatically try lowercase usernames if the first attempt at login fails #5446

ara4n opened this issue Oct 26, 2017 · 7 comments
Labels
P2 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect

Comments

@ara4n
Copy link
Member

ara4n commented Oct 26, 2017

No description provided.

@turt2live
Copy link
Member

Related discussion (UX on doing this for groups): #5434

@lampholder lampholder added T-Defect S-Major Severely degrades major functionality or product features, with no satisfactory workaround P2 ui/ux labels Oct 27, 2017
@lampholder
Copy link
Member

lampholder commented Oct 27, 2017
edited
Loading

Is there scope for additional confusion here? Could two people both think they have "@-Bob:matrix.org" whereas one of those is actually getting silently bounced to @-bob:matrix.org each time?

@ara4n
Copy link
Member Author

ara4n commented Oct 27, 2017

@lampholder i think you may need to phrase that again without binging github’s @bob...

@ara4n
Copy link
Member Author

ara4n commented Oct 27, 2017

see also #5445

@ara4n
Copy link
Member Author

ara4n commented Oct 27, 2017

eitherway, no: the point is that Bob would always go to Bob and bob would always log in as bob if they are on a legacy acct with clashing case sensitivity

@dbkr dbkr mentioned this issue Oct 27, 2017
Merged
@lampholder
Copy link
Member

Sorry Bob :P

@ara4n if I understand correctly, I don't think your response addresses my concern.

  • Alpha Bob registers @Bob:matrix.org with password s3cr3t
  • Beta Bob register @bob:matrix.org with password sh4d0w
  • Beta Bob forgets his mxid is @bob and thinks it is @Bob - he logs into riot.im with username @Bob:matrix.org and password sh4d0w
  • Riot.im tries the upper case Bob and sh4d0w combo, but it fails
  • Riot.im falls back to the lower case bob and sh4d0w` and succeeds

Problems:

  • Beta Bob doesn't get his understanding of what his mxid is reinforced. He might think he's registered @Bob, because that's what he always types. This could cause confusion down the line (when he asks people to invite him to a room/direct chat/group)
  • Worse: if Alpha Bob and Beta Bob have the same password (either because they're the same person who got confused registering two accounts, or because they both have a pet dog called Shadow), then they might log in as each other by horrible mistake.

@turt2live
Copy link
Member

This is probably better implemented on the homeserver as a check. It should know if Bob and bob exist, and handle the case accordingly. Presumably if it gets Bob and Bob isn't a user, it can try bob.

Handling it on the client side seems risky as it may result in the wrong account (as mentioned) or require existing endpoints to provide more information about who is and isn't a user (leading to a possible vector for spam).

@lampholder lampholder mentioned this issue Feb 22, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P2 S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@turt2live @ara4n @lampholder