Password reset handles Upper Case Characters in email addresses brokenly #9556
Comments
|
email addresses are case-sensitive though... |
|
Oh, huh. Still, if your account is linked with Example@example.com and you put Example@example.com in the password reset field, we tell you we don't know that email address, too :\ |
lampholder
changed the title
|
So, it looks like we honour case when writing your email address to the database. Then, when it comes to password reset, I think we're comparing whatever address you enter into the password reset UX against the lowercasified email addresses in the database. So, the only way to reset the password for Bob@example.com is to request to reset the password for bob@example.com. |
novocaine
added
S-Critical
|
I can no longer reproduce this issue (Element v1.9.2, synapse v1.44.0). Password reset works correctly for all the following test cases:
With synapse, this is no longer the case, I assume since matrix-org/synapse#7021 was merged, we now store the lowered-case email address. In fact, I think we could consider this to be a duplicate of matrix-org/synapse#7016, which was the issue that PR was fixing. Additionally, MSC2265 is also relevant here, as it implements the following rule:
Given the above, I think we can close this issue. |
|
I agree, if anyone ever sees this again, shout |
If your account is linked with example@example.com but you put Example@example.com in the password reset field we tell you we don't know that email address.
The text was updated successfully, but these errors were encountered: