Ibexa DXP Discussions

Community discussion forum for developers working with Ibexa DXP

Enable login by email

Hi all,

I would like to enable login by email. Is this possible with the latest version of EzPlatform?

Thanks!

Login by email is currently not in the core of eZ Platform, but available using the EzCoreExtraBundle. Details on the feature here: https://github.com/lolautruche/EzCoreExtraBundle/blob/master/Resources/doc/email_authentication.md

Thanks, @janit. It seems that feature was removed from that bundle because the documentation was removed. Was this feature moved to the core of eZ Platform?

Hi @msanchez.

> Was this feature moved to the core of eZ Platform?

Yes, login using e-mail address has been added to the product in the 3.0 release. Here is the documentation for this feature: https://doc.ibexa.co/en/latest/guide/user_management/user_management/#login-methods

Thanks, @adam.wojs. I just noticed that the character @ is not allowed in the username in the user account field. There is an option to edit the regular expression allowed in usernames. Is there a reason to prevent the @ character from usernames? I think it is better for consistency to keep the username and email the same.

> Is there a reason to prevent the @ character from usernames?

An @ in the username might lead to ambiguity in password checking when both username and email providers are enabled. Here is one of the scenarios, which I originally posted on Slack:

1. There are username-based and email-based user providers configured as mentioned in the docs (the username-based provider has higher priority over the e-mail-based provider)
2. There is an existing user with username `user` and e-mail `user@example.com` who uses the email address to log in on a daily basis
3. An attacker creates an account (e.g. using the registration form) and sets the username to `user@example.com` and the email to any controlled account (e.g. `attacker@example.com`)
4. Now the user tries to log in using e-mail `user@example.com`, but the password does not match because **it is checked against the account with username `user@example.com`** (the account created in point 3)

Original message: https://ezcommunity.slack.com/archives/CHMPD9M0F/p1604742658233500?thread_ts=1604662393.233300&cid=CHMPD9M0F

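The lookup order in the scenario above can be modelled in a few lines, together with an audit for accounts that are already shadowed and a registration check that prevents new collisions. This is an added example, not code from the thread or from Ibexa: it is a simplified model of a username-first provider chain, and the sample accounts, function names, case-insensitive comparison and username pattern are all assumptions.

```python
import re

# Constructed sample accounts (not real data).
ACCOUNTS = [
    {"id": 1, "username": "user", "email": "user@example.com"},
    {"id": 2, "username": "user@example.com", "email": "attacker@example.com"},
    {"id": 3, "username": "editor", "email": "editor@example.com"},
]

def by_username(accounts, identifier):
    # Assumption: identifiers are compared case-insensitively.
    return next((a for a in accounts if a["username"].lower() == identifier.lower()), None)

def by_email(accounts, identifier):
    return next((a for a in accounts if a["email"].lower() == identifier.lower()), None)

def resolve_login(accounts, identifier, providers=(by_username, by_email)):
    """Model of a provider chain: the first provider that finds an account wins,
    and the submitted password is then checked against that account only."""
    for provider in providers:
        account = provider(accounts, identifier)
        if account is not None:
            return account
    return None

def shadowed_emails(accounts):
    """Audit: list (owner_id, resolved_id, email) where logging in with an
    account's own e-mail resolves to a different account."""
    findings = []
    for owner in accounts:
        hit = resolve_login(accounts, owner["email"])
        if hit is not None and hit["id"] != owner["id"]:
            findings.append((owner["id"], hit["id"], owner["email"]))
    return findings

# Hypothetical username pattern that excludes "@" (not Ibexa's actual default).
USERNAME_PATTERN = re.compile(r"[A-Za-z0-9._-]+")

def registration_allowed(accounts, username):
    """Reject usernames containing '@' or matching any existing e-mail."""
    if not USERNAME_PATTERN.fullmatch(username):
        return False
    return by_email(accounts, username) is None

if __name__ == "__main__":
    print(resolve_login(ACCOUNTS, "user@example.com"))
    print(shadowed_emails(ACCOUNTS))
    print(registration_allowed(ACCOUNTS, "user@example.com"))
```

Running `shadowed_emails` over an export of existing accounts shows whether any collision predates the username restriction.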