Comments (2)
Possible solution to the second problem with Gravatar, etc: store two normalised emails:
- Lowercase normalised version, which has a unique constraint (in `UserEmail` only). This is the reference for queries. It could be the existing `LOWER(email)` index instead of a distinct column.
- Application normalised version in which:
  - `+` suffixes are removed,
  - `@googlemail.com` is replaced with `@gmail.com` (ref), and
  - periods are stripped from `@gmail.com` addresses
The application normalised version is used for discovery of a re-used email address, but uniqueness is not enforced, since there are legitimate reasons for users to re-use addresses. It may be used for relevant security checks if, for example, one version is used as a user's email address and another as an organisation's or team's, to warn the user that shared access to the email address may compromise their own account.
from lastuser.
The logic for application normalised emails could be in the mxsniff library, although that one currently involves a DNS lookup. mxsniff's provider list could be modified to include the primary domain instead of the MX target, and a custom normalisation function.
from lastuser.
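An added sketch of the two normalised forms proposed in the comments above, done without a DNS lookup. It is not code from lastuser or mxsniff; the function names, owner labels and sample records are constructed for illustration.

```python
from collections import defaultdict

# Assumption: only the two domains named in the comment are treated as Gmail.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def lowercase_key(email: str) -> str:
    """Lowercase form: the value that carries the unique constraint."""
    return email.strip().lower()


def application_key(email: str) -> str:
    """Application normalised form: used for discovery, never for uniqueness."""
    local, sep, domain = lowercase_key(email).rpartition("@")
    local = local.split("+", 1)[0]        # remove "+" suffixes
    if not sep or not local or not domain:
        raise ValueError(f"not a usable email address: {email!r}")
    if domain in GMAIL_DOMAINS:
        domain = "gmail.com"              # @googlemail.com -> @gmail.com
        local = local.replace(".", "")    # periods stripped for Gmail only
        if not local:
            raise ValueError(f"empty local part: {email!r}")
    return f"{local}@{domain}"


def find_reuse(records):
    """Return application keys that more than one owner resolves to."""
    owners = defaultdict(set)
    for owner, email in records:
        owners[application_key(email)].add(owner)
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


# Constructed sample records: (owner, email as stored).
SAMPLE = [
    ("user:alice", "Alice.Smith+news@GoogleMail.com"),
    ("org:acme", "alicesmith@gmail.com"),
    ("user:bob", "bob.jones@example.org"),
    ("team:ops", "bobjones@example.org"),   # periods matter outside Gmail
    ("user:carol", "carol+billing@example.org"),
    ("org:carolco", "carol@example.org"),
]

if __name__ == "__main__":
    for key, names in find_reuse(SAMPLE).items():
        print(f"warn: {key} is shared by {', '.join(names)}")
```

Every sample address has a distinct lowercase key, so all six rows would pass the unique constraint; only the application key reveals the two shared mailboxes.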