Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI-Application-Plugin-Authentication CPAN distribution.

Report information
The Basics
Id:
31133
Status:
new
Priority:
Low/Low

People
Owner:
Nobody in particular
Requestors:
GTERMARS [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
Important
Broken in:
(no value)
Fixed in:
(no value)



Subject: Filtered credentials aren't retained for future reference
In my application we allow users to authenticate by "e-mail address", which is stored internally in all lower-case. Users, however, have a tendency to want to log in using mixed-case addresses like "BobUser@AOL.com". I've been able to see that I can filter the credentials used to match up with the values in my DB (so that works), but the problem that I end up with is that all calls to "$self->authen->username()" still return the original -mixed-case- version that the user provided. This then causes some other things to go astray: - our post-login callback which keeps a "last login date/time" up-to-date for users has to be sure to force the username to lc() before using it, - CAP::Authorization breaks, as when it queries things in the DB its getting the MiXeD cAsE version of the email address to query with (and thus isn't finding any matches). ----- Although I'd love to see "$self->authen->username()" return the filtered version of the username, I'd also expect that this would cause grief for other people who've built things up on the premise that "you get back what the user entered, unfiltered". How about a "$self->authen->filtered_username()" method?


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.