Comments (6)
We need to see how this works w.r.t. the current core model. I'll investigate to find out if this is a blocker or not.
from persona-yahoo-bridge.
List of Things to Determine
1. Is Yahoo mail case-sensitive?
   No. Yahoo will deliver to [email protected] the same as [email protected].
2. Is Yahoo account creation case preserving?
   No. Yahoo forcibly down-cases new user registrations.
3. Is Yahoo OpenID case preserving?
   N/A. Yahoo will always return down-cased addresses in its OpenID responses.
4. Is BigTent case sensitive?
   Yes. Trying to log in as [email protected] fails and sends me into an infinite loop similar to #51.
5. Is BigTent case preserving?
   Unknown. Since I can't auth with a capitalized Yahoo address, I can't verify this at a high level.
6. Is Persona itself case preserving when creating an account on login.persona.org?
   Yes. Persona preserves and remembers case for accounts backed by login.persona.org.
7. Is Persona itself case sensitive when signing into login.persona.org?
   Sort of. I think this is a production bug, but signing up for Persona as [email protected] in the popup and then trying to sign in to Persona as [email protected] in the popup locks up but silently provisions you as [email protected]. If you do everything on login.persona.org itself, you end up logged in as [email protected].
8. Is Persona case preserving when using a native IdP?
   No. Attempting to use [email protected] will lock up at "Address Verified" as above, and provision you as [email protected].
9. Is Persona case sensitive when using a native IdP?
   Sort of. Fails as per No. 7 above.
10. Is Persona case preserving when signing into an RP?
    Yes. Though only for addresses backed by the fallback. All native IdP-based addresses are forcibly downcased.
Once We Know That
1. Are there any interactions where moving to BigTent could result in differently-cased assertions compared to pre-BigTent?
   Yes. Accounts at login.persona.org are currently case-preserved and case-enforced. Native Yahoo accounts are forcibly down-cased. Thus, I could currently be using [email protected] with Persona, but as soon as BigTent goes live, I'll be forced to begin using [email protected].
from persona-yahoo-bridge.
Based on the above, BigTent going live in its current state will lock users out of RP accounts, similarly to the AddressGuard issues discovered in #12.
Independently, I believe the above inquiry reveals several bugs in core with regard to handling of capitalization in email addresses.
from persona-yahoo-bridge.
To make things easy for folks on the team, I've created a dummy Yahoo account. The authentication credentials are in a private etherpad: https://id.etherpad.mozilla.org/capitalized-email-accounts
from persona-yahoo-bridge.
If we presume the core bugs are resolved (allowing you to type "[email protected]" but end up logged in as "[email protected]"), then BigTent could fully support people by doing case-insensitive comparison to the OpenID response to verify ownership, but then provisioning based on the casing of the address known to login.persona.org.
New users would always have an all-lowercase address.
Existing users with capitalized addresses could get stuck if they deleted their account and tried to re-create it (or if that happened automatically as part of an account reset?)
from persona-yahoo-bridge.
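A sketch of the approach proposed in the comment above: compare case-insensitively against the OpenID response to verify ownership, then provision with the casing already known to the fallback IdP. This is an added example, not code from BigTent or Persona; the function names, parameters and sample addresses are hypothetical, and it also fails closed when two stored accounts differ only by case, a situation the thread does not discuss.

```javascript
'use strict';
// Added example: names are hypothetical, not BigTent's API.

// Fold an address for comparison only. The thread establishes that Yahoo
// treats addresses case-insensitively, so lowercasing is safe for this IdP;
// it is not a general rule for every mail provider.
function fold(address) {
  return String(address).trim().toLowerCase();
}

// requested:      address the user typed in the Persona dialog
// claimed:        address in the OpenID response (always lowercase for Yahoo)
// knownAddresses: addresses stored by the fallback IdP, casing preserved
function resolveProvisionedAddress(requested, claimed, knownAddresses) {
  const key = fold(claimed);
  if (fold(requested) !== key) {
    // The IdP vouched for a different mailbox than the one requested.
    return { ok: false, reason: 'id-mismatch' };
  }
  const matches = Array.from(
    new Set(knownAddresses.filter((a) => fold(a) === key))
  );
  if (matches.length > 1) {
    // Two stored accounts differ only by case. Picking either one could
    // issue a certificate for the wrong account, so refuse.
    return { ok: false, reason: 'ambiguous-case' };
  }
  // Existing users keep the casing their RPs already know;
  // new users always get the all-lowercase form.
  const email = matches.length === 1 ? matches[0] : key;
  return { ok: true, email: email };
}

// Constructed sample data, not taken from the thread.
const sampleKnown = ['Alice.Smith@example.com'];
console.log(resolveProvisionedAddress(
  'alice.smith@example.com', 'alice.smith@example.com', sampleKnown));
```

The returned `email` is the value that would go into the certificate, so an RP that keyed its account on the capitalized address keeps matching it.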
Bumping stars down to 3 as impact is minimal.
from persona-yahoo-bridge.