I am using Pow for session based authentication in my app, and I just found out that my user can’t login with their email with different letter cases.
I think migration for user table is autogenerated from Pow and looks like email field is just string(varchar).
Anyone knows if there will be any side effect, changing email field type from varchar to citext in using Pow package?
you should lowercase/downcase everything NaMe@DomaiN.Com is identical to email@example.com -
what version are you on, and can you show some of the code?
Hmmm… one needs to be careful with this. Per RFC 5321 (RFC 5321: Simple Mail Transfer Protocol) [emphasis mine] …
2.3.11. Mailbox and Address
As used in this specification, an “address” is a character string
that identifies a user to whom mail will be sent or a location into
which mail will be deposited. The term “mailbox” refers to that
depository. The two terms are typically used interchangeably unless
the distinction between the location in which mail is placed (the
mailbox) and a reference to it (the address) is important. An
address normally consists of user and domain specifications. The
standard mailbox naming convention is defined to be
“local-part@domain”; contemporary usage permits a much broader set of
applications than simple “user names”. Consequently, and due to a
long history of problems when intermediate hosts have attempted to
optimize transport by modifying them, the local-part MUST be
interpreted and assigned semantics only by the host specified in the
domain part of the address.
So while many systems will treat the local part of the email in a case insensitive way, it might not always be so. From the same RFC, section 2.4:
The local-part of a mailbox MUST BE treated as case sensitive.
Therefore, SMTP implementations MUST take care to preserve the case
of mailbox local-parts. In particular, for some hosts, the user
“smith” is different from the user “Smith”. However, exploiting the
case sensitivity of mailbox local-parts impedes interoperability and
is discouraged. Mailbox domains follow normal DNS rules and are
hence not case sensitive.
To be clear, they’re talking about SMTP implementations (MTAs) taking care to be case preserving of the local part of the address, but one can assume that’s because some servers/MUAs care about the case of the local part… regardless if the practice is discouraged or not.
So the likelihood is you’ll frequently be fine treating an email address as case-insensitive, but if you’re casting a wide net for users don’t be surprised if email address case-insensitivity isn’t universal. It’s a trade-off decision which is better made when fully informed.