Allow logins with email address rather than login name.
collective.emaillogin Package Readme
This package allow logins with email address rather than login name. It applies some (somewhat hackish) patches to Plone’s membership tool and memberdata class, after which the email address, on save, is saved as the login name for members. This makes that members can log in using their email address rather than some additional id, and when the email address changes the login name is changed along with it.
Since version 1.0 we explicitly convert e-mail addresses to lowercase. You should be able to login with any mix of upper and lower case letters.
Add it to the eggs of your Plone 3 buildout. With Plone 3.2.x or earlier also add it to the zcml option of your instance. Install it in the Add-ons (Extra Packages) control panel in your Plone Site. Installing simply adds a new skin layer named ‘emaillogin’.
It is best to install this on a fresh Plone site. The login names of current users are not changed. There is code in core Plone 4 for this, so you may want to look there if you need it.
A major part of this package works by patching several core Plone and CMF classes. The patches also apply when you do not have this package installed in your Plone Site. This may give unwanted results, like changing the login name of a user when his or her e-mail address is changed. This also means that when you have multiple Plone Sites in one Zope instance, you should either install this package in all of them or not use it at all and remove it from your buildout.
When upgrading from version 0.8, an upgrade step is run to change all login names to lower case, for those login names that are already e-mail addresses.
No, these are not bugs. Or if they are bugs, then they are bugs that are too hard to fix without introducing other bugs. They might be unexpected though, so we call them gotchas.
- Since version 1.0, whenever an e-mail address is set, we automatically convert it to lowercase. You cannot set an e-mail address to upper or mixed case. When logging in or resetting a password the case does not need to match: we look for the given login but also for the lowercased login.
- As an administrator, when you change the login name of a user in the ZMI, this does not update the email.
- When you register with firstname.lastname@example.org and change this to email@example.com, you can no longer login with your original address. You can only login with your current e-mail address, though the case (upper, lower, mixed) should not matter anymore.
- The initial e-mail address is used as userid. This id never ever changes. In places where the userid is displayed this original userid is shown, which is normally fine until the email address is overwritten – once this is done the original email address will be displayed rather than the new one. (Plone 4 fixes this in the core.) There may be some more spots in Plone that for example search only for users by id so when you use that to search on login name this may fail. Also, there are spots in the Plone or CMF or Zope code that have a userid as input but use it as login name or the other way around so be careful when you start hacking yourself.
- If you register with firstname.lastname@example.org, then change it to email@example.com, then no one can register a new user with firstname.lastname@example.org or change the e-mail address of an existing user to email@example.com. This is because it will forever be used as userid. Note that when you now change your address to firstname.lastname@example.org, your intermediate address of email@example.com is free for the taking.
- When you change your e-mail address, you do not get a confirmation e-mail to check if you did not make any typos and it is a real address. This means you will not be able to login if you do not remember this typo; a password reset will then also not work. This could be considered a problem of Plone in general and not specific for this add-on, though we are hit harder by it. Might be a nice candidate for a PLIP (PLone Improvement Proposal) or first an extra add-on.
In Plone 4 this package is deprecated, as Plone 4 already supports logging in with your email address as an option: http://dev.plone.org/plone/ticket/9214
So we strongly advise not to use this package on Plone 4. But your instance will still start up (tested on Plone 4.0a4) and you can uninstall the package through the UI. You may need to manually remove emaillogin from the skin selections in the Properties tab of portal_skins in the ZMI. Since the package does some patches on startup, you should still remove it from the eggs and zcml options of your instance, rerun buildout and start your instance again.
Changelog for collective.emaillogin
- Avoid possible circular import for the PloneMembershipTool in PlonePAS and CMFPlone. [maurits]
- Moved to https://github.com/collective/collective.emaillogin [maurits]
- Patch RegistrationTool.isMemberIdAllowed. When the id that is passed in is already in use as login name, we do not accept it as user id either. Also, in various spots where isMemberIdAllowed is called, the id is really meant as login name. Possibly this fix is only needed for Plone 3.1 and earlier, as I am sure I have tested this before on Plone 3.3.6. [maurits]
- Patch the login method from Products.PlonePAS.plugins.cookie_handler.ExtendedCookieAuthHelper. This is the code from Plone 3.3.6; it is included because Plone 3.1.7 does the wrong thing for us here. [maurits]
- Patch CMFPlone.MembershipTool.testCurrentPassword to authenticate with the login name. The code in Plone 3.3.5 itself already works (and is simply copied here), but Plone 3.1.7 has an error that is triggered for us as the user id is not always the same as the login name. [maurits]
- In the mailPassword method explicitly disallow looking for a member with the given forgotten user id when this is an e-mail address. We only search for users with that e-mail address as login name. This only has an effect when you have changed your e-mail address to something really different (instead of just a change in the case). Without this change, you could reset your password with your old address, but could not login with that address. [maurits]
- Refactored authenticateCredentials. This avoids getting a message stating you are logged in when in fact you are not logged in. [maurits]
- Added upgrade step to migrate all existing users to have a lowercase login name (when their e-mail address is used as login name). [maurits]
- Patch PloneTool.setMemberProperties to always set the e-mail address to lower case and to update the login name when the e-mail address changes. [maurits]
- In validate_personalize.vpy turn the e-mail address to lowercase. [maurits]
- Patch Products.PlonePAS.tools.membership.MembershipTool.addMember to always add the member as lowercase, also when not called from registered.cpy [maurits]
- In join_form_validate.vpy turn the e-mail address to lowercase. [maurits]
- Changed getMemberByLoginName and ZODBUserManager.authenticateCredentials to explicitly search for the lower case login name if the initial literal search does not work. [maurits]
- Added classifiers for Plone 3.2 and 3.3 in setup.py. [maurits]
- Removed mail_me functionality from join_form as this claimed to be sending the password, which Plone has not been doing for a long time, if ever. The backend handling for this was already removed from Plone itself. [maurits]
- Fixed wrong condition and double definition where allowEnterPassword meant you were actually not allowed to enter a password. It worked fine but was confusingly stated the wrong way around. [maurits]
- added german translation [deichi]
- Patched some methods in PasswordResetTool and RegistrationTool to make sure you can actually reset your password, even after changing your email address. [maurits]
- Use email address instead of login/user name in some more spots, like the login form and in validation. [maurits]
- Fixed error on reinstall where the default skin would be set to the no longer existing emaillogin skin. [maurits]
- Added profiles/default/metadata.xml: version = 1. [maurits]
- After a successfull edit of the personalize form, do not travere to the personalize_form, but redirect to it. This solves an error “Forbidden: Form authenticator is invalid.” when changing your email address (= login name) and then saving the form a second time. [maurits]
- Changed validate_personalize.vpy to allow changing your preferences again. [maurits]
- Adapted validate_personalize.vpy. Change compared to default Plone: check the validity of the email address as a login name. [maurits]
- Added i18n. [maurits]
- Also show the error when the email address is not a valid username. [maurits+mike]
- Removed personalize_form.cpt(.metadata) as there was no important difference with the one from default Plone. [maurits+mike]
- Take over a small change in default Plone to the personalize.cpy.
- Fixed join form to also work in newer Plones by using the @@authenticator provider for protecting this join form. Keeps working in Plone 3.0 as well (which does not use plone.protect). [maurits+mike]
- No longer register our own skin path (skin selection), but just add our emaillogin skin layer to the existing skin selections. [maurits+mike]
- Initial release. [maurits, guido]