collective.emaillogin 1.0

Overview

This package allow logins with email address rather than login name. It applies some (somewhat hackish) patches to Plone’s membership tool and memberdata class, after which the email address, on save, is saved as the login name for members. This makes that members can log in using their email address rather than some additional id, and when the email address changes the login name is changed along with it.

Since version 1.0 we explicitly convert e-mail addresses to lowercase. You should be able to login with any mix of upper and lower case letters.

Installation

Add it to the eggs of your Plone 3 buildout. With Plone 3.2.x or earlier also add it to the zcml option of your instance. Install it in the Add-ons (Extra Packages) control panel in your Plone Site. Installing simply adds a new skin layer named ‘emaillogin’.

It is best to install this on a fresh Plone site. The login names of current users are not changed. There is code in core Plone 4 for this, so you may want to look there if you need it.

Upgrading

When upgrading from version 0.8, an upgrade step is run to change all login names to lower case, for those login names that are already e-mail addresses.

Problems

The solution is far from perfect, for instance on places where the userid is displayed the original (underlying) id is shown, which works fine until the email address is overwritten - once this is done the old email address will be displayed rather than the new one. There may be some more spots in Plone that for example search only for users by id so when you use that to search on login name this may fail. Also, there are spots in the Plone or CMF or Zope code that have a userid as input but use it as login name or the other way around.

There were some more issues, but we think those have been fixed.

Note that when you registered with old@example.org and changed that to new@example.org, you can no longer login with your old address. You can only login with your current e-mail address, though the case (upper, lower, mixed) should not matter anymore.

Since version 1.0, whenever an e-mail address is set, we convert it to lowercase.

Future

In Plone 4 this package is deprecated, as Plone 4 already supports logging in with your email address as an option: http://dev.plone.org/plone/ticket/9214

So we strongly advise not to use this package on Plone 4. But your instance will still start up (tested on Plone 4.0a4) and you can uninstall the package through the UI. You may need to manually remove emaillogin from the skin selections in the Properties tab of portal_skins in the ZMI. Since the package does some patches on startup, you should still remove it from the eggs and zcml options of your instance, rerun buildout and start your instance again.

1.0 (2011-11-23)

• In the mailPassword method explicitly disallow looking for a member with the given forgotten user id when this is an e-mail address. We only search for users with that e-mail address as login name. This only has an effect when you have changed your e-mail address to something really different (instead of just a change in the case). Without this change, you could reset your password with your old address, but could not login with that address. [maurits]

• Refactored authenticateCredentials. This avoids getting a message stating you are logged in when in fact you are not logged in. [maurits]

• Added upgrade step to migrate all existing users to have a lowercase login name (when their e-mail address is used as login name). [maurits]

• Patch PloneTool.setMemberProperties to always set the e-mail address to lower case and to update the login name when the e-mail address changes. [maurits]

• In validate_personalize.vpy turn the e-mail address to lowercase. [maurits]

• Patch Products.PlonePAS.tools.membership.MembershipTool.addMember to always add the member as lowercase, also when not called from registered.cpy [maurits]

• In join_form_validate.vpy turn the e-mail address to lowercase. [maurits]

• Changed getMemberByLoginName and ZODBUserManager.authenticateCredentials to explicitly search for the lower case login name if the initial literal search does not work. [maurits]

• Added classifiers for Plone 3.2 and 3.3 in setup.py. [maurits]

0.8 (2010-05-18)

• Removed mail_me functionality from join_form as this claimed to be sending the password, which Plone has not been doing for a long time, if ever. The backend handling for this was already removed from Plone itself. [maurits]

• Fixed wrong condition and double definition where allowEnterPassword meant you were actually not allowed to enter a password. It worked fine but was confusingly stated the wrong way around. [maurits]

0.7 (2010-02-23)

• added german translation [deichi]

0.6 (2009-05-13)

• Patched some methods in PasswordResetTool and RegistrationTool to make sure you can actually reset your password, even after changing your email address. [maurits]

• Use email address instead of login/user name in some more spots, like the login form and in validation. [maurits]

0.5 (2009-05-06)

• Fixed error on reinstall where the default skin would be set to the no longer existing emaillogin skin. [maurits]

• Added profiles/default/metadata.xml: version = 1. [maurits]

• After a successfull edit of the personalize form, do not travere to the personalize_form, but redirect to it. This solves an error “Forbidden: Form authenticator is invalid.” when changing your email address (= login name) and then saving the form a second time. [maurits]

• Changed validate_personalize.vpy to allow changing your preferences again. [maurits]

• Adapted validate_personalize.vpy. Change compared to default Plone: check the validity of the email address as a login name. [maurits]

• Added i18n. [maurits]

0.4 (2009-05-05)

• Also show the error when the email address is not a valid username. [maurits+mike]

0.3 (2009-05-05)

• Removed personalize_form.cpt(.metadata) as there was no important difference with the one from default Plone. [maurits+mike]

• Take over a small change in default Plone to the personalize.cpy.

• Fixed join form to also work in newer Plones by using the @@authenticator provider for protecting this join form. Keeps working in Plone 3.0 as well (which does not use plone.protect). [maurits+mike]

0.2 (2009-05-05)

• No longer register our own skin path (skin selection), but just add our emaillogin skin layer to the existing skin selections. [maurits+mike]

0.1 (2008-01-15)

• Initial release. [maurits, guido]