Re: [Django] #2273: django.contrib.auth.models.User: username is case-sensitive
Django
--------------------------------------+------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Milestone: | Component: Contrib apps
Version: | Severity: normal
Resolution: wontfix | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
--------------------------------------+------------------------------
Changes (by anonymous):
* easy: => 0
Comment:
Air Max shoes
Air Max shoes 2011
[url=http://www.nikeam.com]Air Max shoes[/url]
[url=http://www.nikeam.com]Nike Air Max shoes[/url]
<a href="http://www.nikeam.com">Air Max shoes</a>
<a href="http://www.nikeam.com">Nke Air Max shoes</a>
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
--------------------------------------+------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Milestone: | Component: Contrib apps
Version: | Severity: normal
Resolution: wontfix | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
--------------------------------------+------------------------------
Comment (by anonymous):
Free Run shoes
Nike Free Run shoes
[url=http://www.freerunnike.com]Free Run shoes[/url]
[url=http://www.freerunnike.com]Nike Free Run shoes[/url]
<a href="http://www.freerunnike.com">Free Run shoes</a>
<a href="http://www.freerunnike.com">Nike Free Run shoes</a>
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:6>
Django
Type: defect | Status: closed
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
------------------------------+--------------------------------------
Changes (by anonymous):
* ui_ux: => 0
* easy: => 0
Comment:
as noted in the comments of the blogpost linked by thebitguru, adding a
custom authentication backend does not solve all of the problems that this
bit of non-standardness creates . . . hopefully someone will pick this up
and address it in the future. Just another thing that makes django a PITA
sometimes and increases support calls for me.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:5>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
* cc: dbrgn (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:6>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by anonymous):
adrian sucks cock.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:7>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Component: Contrib apps | Version:
Severity: normal | Resolution:
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
* status: closed => reopened
* resolution: wontfix =>
Comment:
At least fix this with the default user model in 1.5 and above. This is
literally the only framework I can easily find that has case-sensitive
usernames. No, that doesn't mean this is the correct path, but doing
things so counter-intuitively in python makes my head hurt.
Adrian - if you don't have time, at least keep this open for someone else
to submit a patch - I'm certain one of us can put together something.
It's quite annoying to have to use a custom authentication backend for
something so dead simple in concept - this should be part of Django.
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
* status: reopened => closed
* resolution: => wontfix
Comment:
No, we're *not* going to make this change. 4 years ago, it may have been a
time thing, but now, we're dealing with backwards incompatibility. Making
this "trivial" change would have a massive impact on existing deployed
code. We're not going to violate backwards compatiibility when there is a
backwards compatible option available.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:8>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by anonymous):
WIth all due respect, its not a trivial change. Its a very, very common
probably when running a consumer facing site.
As the original ticket stated, this could be a config (still would be
backwards compatible). Its not a heavy or time-consuming change.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:9>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by bryce2@…):
So what's wrong with making the change, by default applicable only to new
sites?
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:10>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by russellm):
@bryce -- because the migration path isn't trivial either. We'd be
implementing a feature flag, and then we'd need to support the feature
flag, and support queries from users confused over the introduction of the
new feature... all to support something that can be achieved right now if
you want that particular feature.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:11>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by mkhalil28@…):
in django/contrib/auth/models.py
change the get_by_natural to the following:
{{{
def get_by_natural_key(self, username):
return self.get(username__iexact = username)
}}}
and your all set :)
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:12>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by Carlos Killpack <carlos.killpack@…>):
Whose idea was it to make usernames case-sensitive in the first place? I
suppose nothing can be done at this point, but y'all probably should have
thought about it a bit more before committing yourselves to it for so
long. ''It was a stupid decision.''
Think about a user logging into a Django-powered site, do you think she
gives a shit about which letters she capitalized when she filled out the
registration form? I doubt it. Why even make her remember? Capitalization
isn't that important!
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:13>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by ollytheninja):
This is clearly a sore point for some people judging by my googling. I
understand that the change would have been hard 8 years ago and is now
near impossible.
Shouldn't there at least be a note added to the documentation, I currently
see nothing about this in the documentation (maybe I missed it?)?
Simply adding "Note: usernames '''are''' case sensitive" to
[https://docs.djangoproject.com/en/dev/ref/contrib/auth/#django.contrib.auth.models.User.username]
would be a step in the right direction.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:14>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by collinanderson):
This is why I use mysql :). If nothing else, would it be possible to at
least move towards the direction of, by default, not allowing a new user
if there's a `username__iexact` match? That way at least it wouldn't be
possible to get duplicate usernames in the database before this issue gets
noticed.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:15>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
* cc: cmawebsite@… (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:16>
Django
------------------------------+--------------------------------------
Reporter: mderk@… | Owner: adrian
Type: defect | Status: closed
Component: Contrib apps | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Comment (by timgraham):
The appropriate place to have discussion on a ticket that's been closed as
"won't fix" is the DevelopersMailingList.
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:17>
Django
Reporter: mderk@… | Owner: adrian
Type: | Status: closed
Cleanup/optimization |
Component: contrib.auth | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* type: defect => Cleanup/optimization
* component: Contrib apps => contrib.auth
Comment:
[https://groups.google.com/d/topic/django-
developers/a4I7rHuT4Dw/discussion django-developers discussion]
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:18>
Django
-------------------------------------+-------------------------------------
Type: | Holovaty
Cleanup/optimization | Status: closed
Component: contrib.auth | Version:
Severity: normal | Resolution: wontfix
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Info-Screen@… (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/2273#comment:19>