Opened 14 years ago

Closed 14 years ago

Last modified 9 years ago

#7591 closed Uncategorized (fixed)

Authenticate By Email Support

Reported by: Paul Kenjora <pkenjora@…> Owned by: anonymous
Component: contrib.auth Version: dev
Severity: Normal Keywords: authenticate, email, login
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Sometimes authenticating by email/password is preferable to username/password. Many sites today (including Google) use the email/passwprd method. Django authentication should support email and username authentication simultaneously (by developers choice).

The developer of a site will be responsible for picking which authentication method works best, the framework should support both.

Again discussion and more information at:

Attachments (1)

email_auth.diff (922 bytes) - added by Paul Kenjora <pkenjora@…> 14 years ago.

Download all attachments as: .zip

Change History (15)

Changed 14 years ago by Paul Kenjora <pkenjora@…>

Attachment: email_auth.diff added

comment:1 Changed 14 years ago by Paul Kenjora <pkenjora@…>

Has patch: set
Owner: set to anonymous
Status: newassigned
Triage Stage: UnreviewedDesign decision needed

comment:2 Changed 14 years ago by Paul Kenjora <pkenjora@…>

Owner: changed from anonymous to Paul Kenjora
Status: assignednew

comment:3 Changed 14 years ago by Paul Kenjora <pkenjora@…>

Owner: changed from Paul Kenjora to anonymous
Status: newassigned

comment:4 Changed 14 years ago by Jacob

Resolution: wontfix
Status: assignedclosed

This is why Django has pluggable authentication backends.

comment:5 Changed 14 years ago by anonymous

Couldn't you make your own view that takes in an e-mail address and password, and authenticates from there?

comment:6 Changed 14 years ago by Paul Kenjora <pkenjora@…>

Why was authentication by username chosen over email, and why is it so exclusive? Why not support both from the same point in the code?

Sorry, not sure what the benefit of creating a new backend is (enough to offset code bloat)? Or the drawback of the patch above?

Insight appreciated for the sake of getting a better understanding of the framework...

comment:7 Changed 14 years ago by Luke Plant

The patch does not support the case where 2 users have the same email address, and as is will actually produce a 500 internal server error. This case is completely possible in the Django Users table (there is no UNIQUE constraint on the email address), and I'm a strong -1 on changing that because of the following use cases:

  • Married couples often share an email address (I have multiple instances of this in one of my live sites)
  • Sometimes users might want different 'personas' for logging in to a site, but the same email address.

So, this patch needs work at the very least, but I'm not sure if it is even fixable. There is no way of knowing which of the usernames sharing an email address should be picked, so you would have pick none. But if the framework advertises that it can support logging in by (username, password) or (email, password) then it should do so without bugs out of the box. But for logging in by email to work reliably, you have to add a constraint to the users database table.

comment:8 in reply to:  7 ; Changed 14 years ago by haavikko@…

Although it is not always possible to use e-mail account as the username, there are application domains where it is perfectly valid and helpful for the end users. It would be a good option to have, and the caveats should be clearly described in the documentation.

comment:9 in reply to:  8 Changed 14 years ago by anonymous

Replying to

It is already an option -- you can roll your own view and do it there, very easily.

comment:10 Changed 13 years ago by Zbigniew Braniecki

Not sure if that's a material for separate bug, or just part of this one.
Why does django accept user name with '@' in the model, but refuses to allow to operate on such account from the panel later? Should a form be more restrictive than the model is?

We're currently rolling out an app for our project which uses double account system (local django authentication + LDAP based) and in such case, we'll have a lot of accounts with user name being an email.
Now, we can add/remove/use those accounts but editing them from django admin panel is unavailable.
Should I open a separate bug on this?

comment:11 in reply to:  10 Changed 13 years ago by Luke Plant

Replying to zbraniecki:

Should I open a separate bug on this?

It's a separate bug, but really it is part of 'model validation', which is in the works, so I wouldn't bother opening a bug about it. It's well known that admin forms can impose extra validation that the model itself does not.

comment:12 Changed 11 years ago by Aymeric Augustin

Easy pickings: unset
Severity: Normal
Type: Uncategorized
UI/UX: unset

#16709 was a duplicate.

comment:13 Changed 11 years ago by Jacob

milestone: 1.0 beta

Milestone 1.0 beta deleted

comment:14 Changed 9 years ago by pkenjora@…

Resolution: wontfixfixed

Since this shows up in search and has been fixed, its best to document it here.

This has been fixed with the implementation of custom authentication:

Note: See TracTickets for help on using tickets.
Back to Top