https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292010-08-05T19:45:18ZRedmineRedmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=190132010-08-05T19:45:18ZFelix Schäfer
<ul><li><strong>Category</strong> set to <i>Accounts / authentication</i></li><li><strong>Assignee</strong> deleted (<del><i>Chaoqun Zou</i></del>)</li></ul> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=281462011-04-19T21:43:34ZJames Robertson
<ul></ul><p>+1 (see <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Login/sign-in using either email address or username (Closed)" href="https://www.redmine.org/issues/8186">#8186</a> for more details)</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=380362012-05-09T17:19:38ZRobert Claypool
<ul></ul><p>I vote for this. It would be very useful.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=474532013-03-25T16:44:25ZLatchezar Tzvetkoff
<ul></ul><p>Hi! We have a heavy-used Redmine install at our company and we've found out that most users get confused with those IRC'ish logins, so we needed to patch email login in.<br />NB: We maintain a patch set we apply after every update, but we think that most of the people will be happy to have email login provided in the official version.</p>
<p>Here is the diff against trunk:</p>
<pre>
$ svn diff
Index: app/models/user.rb
===================================================================
--- app/models/user.rb (revision 11691)
+++ app/models/user.rb (working copy)
@@ -160,7 +160,13 @@
# Make sure no one can sign in with an empty login or password
return nil if login.empty? || password.empty?
- user = find_by_login(login)
+
+ if login.match(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/)
+ user = find_by_mail(login)
+ else
+ user = find_by_login(login)
+ end
+
if user
# user is already in local database
return nil unless user.active?
</pre> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=574392014-07-09T19:47:21ZF Abu-Nimeh
<ul></ul><p>login using email is useful<br />+1</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=589262014-10-01T12:26:17ZSlawomir CALUCH
<ul></ul><p>+1 I maintain a redmine for freelance and personal projects and friends/customers tend to try using their emails.</p>
<p>A few stopped connecting to redmine due to the unmet expectation.</p>
<p>I think this could be an option in `/settings?tab=authentication`</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=591532014-10-16T08:57:33ZDimitris Vi
<ul></ul><p>+1</p>
<p>for some people having to remember yet another username is not as trivial as it might sound, and when you use their e-mail as username it is ugly and can even mess with the issues list table's layout</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=592362014-10-19T22:18:05ZPierre Maigne
<ul></ul><p>+1</p>
<p>As far as I can see, it has very little impact,and I would not need to modify user.rb file at each update :)</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=649202015-07-18T23:55:36ZRobert Hailey
<ul></ul><p>+1</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=844482018-04-09T06:43:48ZEnziin System
<ul></ul><p>+10000</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=897992019-02-04T05:17:56ZBernhard Rohloff
<ul></ul><p>+1 This is so common these days and people don't have to remember another login.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=898022019-02-04T07:00:33ZMarius BĂLTEANU
<ul><li><strong>File</strong> <a href="/attachments/22350">Screenshot 2019-02-04 at 08.51.14.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/22350/Screenshot%202019-02-04%20at%2008.51.14.png">Screenshot 2019-02-04 at 08.51.14.png</a> added</li></ul><p>You can already achieve this by using the same email address as login username (attached a screenshot). IMO, current implementation is flexible enough to cover multiple use cases.</p>
<p>We also need to consider that an user can have multiple email addresses (which makes a possible implementation more complex).</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=898612019-02-07T05:44:18ZBernhard Rohloff
<ul></ul><p>Marius BALTEANU wrote:</p>
<blockquote>
<p>You can already achieve this by using the same email address as login username (attached a screenshot). IMO, current implementation is flexible enough to cover multiple use cases.</p>
</blockquote>
<p>If your email address changes you can't change your username which makes it somehow impractical. I also see it more like a second chance to get into your account if you have forgotten your username. It's not particularly a problem of mine but I have users who aren't using Redmine very often and tending to forget their username from time to time.</p>
<blockquote>
<p>We also need to consider that an user can have multiple email addresses (which makes a possible implementation more complex).</p>
</blockquote>
<p>I think it would be sufficient enough to only check the primary email address.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=898662019-02-07T07:44:39ZMarius BĂLTEANU
<ul></ul><p>Thanks Bernhard for clarification.</p>
<p>It should be enough to allow users to login by username or email address, right? without any other impact in application. I'm asking because first time when I read this, I understood that we should have a setting to choose between username and email.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=903772019-02-22T05:36:42ZBernhard Rohloff
<ul></ul><p>Sorry for my late reply Marius, there seems to be an issue with notification mails on redmine.org.</p>
<p>Marius BALTEANU wrote:</p>
<blockquote>
<p>It should be enough to allow users to login by username or email address, right? without any other impact in application.</p>
</blockquote>
<p>Yes, that's exactly what I ment. You can find it very often these days for example on GitLab, GitHub, or also on Facebook or Amazon.<br />It's very convenient to get into your account even if you don't remember your username. I think plan.io has done it the same way, as I can remember.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=1127682024-02-05T08:19:16ZGo MAEDA
<ul></ul><p>I think the problem may occur when a user sets another user's email address as their login ID. For example, if there are two users as shown in the table below, which user can sign in with <code>foo@example.com</code>?</p>
<table>
<tr>
<th>id</th>
<th>login </th>
<th>mail</th>
</tr>
<tr>
<td> 11 </td>
<td> <code>testuser1</code> </td>
<td> <code>foo@example.com</code> </td>
</tr>
<tr>
<td> 12 </td>
<td> <code>foo@example.com</code> </td>
<td> <code>testuser2@example.com</code> </td>
</tr>
</table> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=1128392024-02-07T16:02:52ZHolger Just
<ul></ul><p>A simple (and consistent) solution could be to find a user fiorst by login and then as a fallback by email address. This could be implemented with just the following patch:</p>
<pre><code class="diff syntaxhl"><span class="gh">diff --git a/app/models/user.rb b/app/models/user.rb
index 0f78a8937a..67704cd162 100644
</span><span class="gd">--- a/app/models/user.rb
</span><span class="gi">+++ b/app/models/user.rb
</span><span class="p">@@ -216,7 +216,7 @@</span> def self.try_to_login!(login, password, active_only=true)
# Make sure no one can sign in with an empty login or password
return nil if login.empty? || password.empty?
- user = find_by_login(login)
<span class="gi">+ user = find_by_login(login) || find_by_mail(login)
</span> if user
# user is already in local database
return nil unless user.check_password?(password)
</code></pre>
<p>From the example in <a href="#note-16">#note-16</a>, a user trying to login as <code>foo@example.com</code> would thus be logged in as user 12.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=1128402024-02-07T17:11:07ZMarius BĂLTEANU
<ul></ul><p>Is it safer to enable this feature under a new setting in Administration -> Authentication which should turn on / off this behaviour? We can keep the setting disabled for existing installations and enabled for new installations.</p> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=1128482024-02-08T04:30:55ZGo MAEDA
<ul></ul><p>Marius BĂLTEANU wrote in <a href="#note-18">#note-18</a>:</p>
<blockquote>
<p>Is it safer to enable this feature under a new setting in Administration -> Authentication which should turn on / off this behaviour? We can keep the setting disabled for existing installations and enabled for new installations.</p>
</blockquote>
<p>I think Redmine should now allow the creation of a new user that contains '@' in their login ID if the new setting is enabled.</p>
<p>Suppose that there is a user below. User 11 can sign in with <code>testuser1</code> or <code>foo@example.com</code>.</p>
<table>
<tr>
<th>id</th>
<th>login </th>
<th>mail</th>
</tr>
<tr>
<td> 11 </td>
<td> <code>testuser1</code> </td>
<td> <code>foo@example.com</code> </td>
</tr>
</table>
<p>If the following user 12 is created, then user 11 will suddenly not be able to sign in with <code>foo@example.com</code>.</p>
<table>
<tr>
<th>id</th>
<th>login </th>
<th>mail</th>
</tr>
<tr>
<td> 11 </td>
<td> <code>testuser1</code> </td>
<td> <code>foo@example.com</code> </td>
</tr>
<tr>
<td> 12 </td>
<td> <code>foo@example.com</code> </td>
<td> <code>foo@example.net</code> </td>
</tr>
</table> Redmine - Feature #3956: Login by Emailhttps://www.redmine.org/issues/3956?journal_id=1132622024-03-25T11:20:40ZHeiko Robert
<ul></ul><blockquote>
<p>I think Redmine should now allow the creation of a new user that contains '@' in their login ID if the new setting is enabled.</p>
</blockquote>
<p>Unfortunately it is possible to create new users having a at-sign in the username. This is always a source of trouble, if this is not the user's email which should be also validated against the email property. I would disallow at-sign in usernames to avoid such inconsistencies.</p>
<p>Anyway - in the current implementation it would be safest to add such a config as suggested to turn on / off using `find_by_mail(login)` on login.</p>
<p>I already patch user.rb since 10 years. Would be nice to avoid that and to close this ticket ;-)</p>
<p>P.S.: You should switch your db character set to not fail on specific utf-characters ...</p>