Error when trying to signup using an email address with uppercase letters
When signing up for a new account the signup form asks for your email address and "email confirmation" to protect against typos. If you include capital letters in both the form will lower case the first email field before comparing it with the email confirmation field. This prevents anyone from using capital letters in their email address.
Steps to reproduce
Signup for a new user and attempt to include a capital letter in your email address.
Both fields should be lower-cased to check equivalency and verify the email address isn't already in use. Users should not be prevented from signing up if they have capital letters in their email address.
User cannot sign up with email addresses that contain capital letters.
Relevant logs and/or screenshots
Is it as simple as adding
:email_confirmationto that Array in the Devise configuration?
I think we should continue downcasing.
Yeah, I'm fine with downcasing, it just needs to be done in a way that doesn't break signups.
:email_confirmationfields should get the same case processing treatment.
That treatment should consist of this:
- The part before the @ should be treated as case sensitive
- The part after the @ should be treated as case insensitive
This means that:
Foo@example.orgare the same
The main reason is that there are email systems expecting case sensitivity in the part before the @ sign.
I think excluding those users from being able to use GitLab is a bad idea.
Relevant RFC 5321: Simple Mail Transfer Protocol sections:
I work at a large company and there is another person with the same first and last name. I discovered today that his local-part differs from mine only in capitalization. This has been working properly, so I was surprised to see "no widely used mail systems distinguish different addresses based on case". We use MS Exchange which I would call "widely used". – Matthew James Briggs Nov 24 '15 at 20:14
RFC 5321 2.4. General Syntax Principles and Transaction Model - SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". Mailbox domains follow normal DNS rules and are hence not case sensitive. – Adam111p Apr 27 '16 at 10:02
Most important parts of the answer:
From RFC 5321, section-2.3.11:
The standard mailbox naming convention is defined to be "local-part@domaiN"; contemporary usage permits a much broader set of applications than simple "user names". Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.
So yes, the part before the "@" could be case-sensitive, since it is entirely under the control of the host system. In practice though, no widely used mail systems distinguish different addresses based on case.
The part after the @ sign however is the domain and according to RFC 1035, section 3.1,
"Name servers and resolvers must compare [domains] in a case-insensitive manner"