Case sensitive email login


I set Use email address as login name on a plone 6 site and I can log into the backend with my email address with mixed case letters but when I try this on the frontend it says email addresses are case sensitive. Is there a way to turn this off in volto?

Email addresses are not case-sensitive.

I tested this on two volto site and two different instances and got the same result. Could I have configured something incorrectly?

No idea about Volto.
Sounds like Volto is making stupid assumptions about email addresses.
Again, is identical to FOO@BaR.CoM .

Backend: theres the login_transform property in PAS which is set to lower for email login (see Products.CMFPlone/Products/CMFPlone/controlpanel/ at master · plone/Products.CMFPlone · GitHub) ... So PAS always transforms the input to lowercase before checking the credentials (Products.PluggableAuthService/Products/PluggableAuthService/ at master · plone/Products.PluggableAuthService · GitHub)

Plone Classic doesn't warn you about this... not sure if Volto should...

I wrote a test script that talks to a local site via plone.restapi and it is definitely case sensitive. Yet the documentation says plone.restapi Authentication uses PlonePas.

I think @login doesn't use applyTransform · Issue #522 · plone/plone.restapi · GitHub is related

1 Like

Thanks @jaroel