Sorcery excepts the same email/username more than once

[eliajf]

Create an account with [email protected] and create another account with [email protected]. Sorcery will allow this. Case should not matter for email addresses (nor username if used for login/account creation purposes).

Furthermore, user.downcase_username_before_authenticating should be true by default (or at least set to true should also impact account creation).

For anyone looking for a work-around, I fixed this by setting user.downcase_username_before_authenticating to true in config/initializers/sorcery.rb and @user.email.downcase! to users_controller/create

[coderhs]

:+1: for enabling this by default.

[shime]

:+1:

[arnvald]

Hi @eliajf!

I agree with you, we can switch this setting to true by default. What's more, if someone wants to implement it, we can add a before_validate callback, that would downcase email/login before saving record (only if the downcase_username_before_authenticating is set to true). This would prevent the first problem you've mentioned

[eliajf]

That's fair and is exactly what I implemented myself. I'd urge you to set downcase_username_before_authenticating to true by default as well. Thanks for being open to suggestions.

On Wed, Sep 23, 2015 at 9:44 AM, Grzegorz Witek [email protected] wrote:

Hi @eliajf https://github.com/eliajf!

I agree with you, we can switch this setting to true by default. What's more, if someone wants to implement it, we can add a before_validate callback, that would downcase email/login before saving record (only if the downcase_username_before_authenticating is set to true). This would prevent the first problem you've mentioned

— Reply to this email directly or view it on GitHub https://github.com/NoamB/sorcery/issues/712#issuecomment-142658503.

Elia Freedman Infinity Softworks (503) 939-4379 www.infinitysw.com @eliajf