Closed Bug 594437 Opened 14 years ago Closed 14 years ago

Allow both email address and username to login

Categories

(Cloud Services Graveyard :: Firefox Home, defect)

Product:
Cloud Services Graveyard
Component:
Firefox Home
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: philikon, Assigned: st3fan)

References

Details

Firefox Sync will move from using usernames to email addresses. Usernames will still be used in the underlying REST API, but they will simply be derived from the email address (some form of hash + encode). See bug 589979.

Firefox Home will have to implement this as well and change the UI to mention email address instead of username.
As of bug 589979, first released in Firefox Sync 1.5b3, Sync implements the following "algorithm":

1. Ask for an "account name".

2. Check whether the account name is a valid server username. Valid is defined as complying to /[^A-Z0-9._-]/i.

a) If the account name is a valid username, it's taken to be the username.

b) Otherwise (e.g. the account name is an email address that contains the disallowed @ character), the username is generated from the account name in the following manner (pseudo-code):

  username = LowerCase(Base32(SHA1(LowerCase(accountname))))

Here, Base32 is the algorithm described in http://tools.ietf.org/html/rfc4648#section-6.
Assignee: nobody → stefan
Fixed in https://hg.mozilla.org/services/fx-home/rev/c7f87640ca79
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Summary: Use email address instead of username → Allow both email address and username to login
Verified fix on 1.0.3b1
Status: RESOLVED → VERIFIED
This needs to push ASAP since now that Weave 1.5 has gone out, new signups for Sync are finding that FxHome doesn't work at all.
Severity: normal → critical
There's a workaround, but it's kind of ugly.  The client doesn't pass the email to the server, there's a "real" username that's a hash of the email.  In about:config, there's a pref: services.sync.username that contains the "real" username.  Using that should work with 1.0.2.

Not awesome, but it'll have to do until we get 1.0.3 through the approval process...
Severity: critical → major
So, anyone who tries Sync for the first time after downloading Fx Home on their iPhone will fail to log in.

We'll go ahead and update the support documentation -- and after talking to Ragavan, it seems that downgrading to 1.4.2 is the easiest workaround -- but I was curious if there is any way we could detect this on the Sync/server-side rather than denying Fx Home 1.0.2 to log in? Something like:

If (the client doesn't pass the email to the server) {
  If (FxHome 1.0.2 or lower)
    Do workaround on the server rather than denying Fx Home access.
}

That way we're not completely under Apple's control with their approval process, which I assume will take a few days.
(In reply to comment #6)
> So, anyone who tries Sync for the first time after downloading Fx Home on their
> iPhone will fail to log in.
> 
> We'll go ahead and update the support documentation -- and after talking to
> Ragavan, it seems that downgrading to 1.4.2 is the easiest workaround

You probably mean Firefox Sync 1.4.4 here. Note that people will have to create a new account with that version.

> but I
> was curious if there is any way we could detect this on the Sync/server-side
> rather than denying Fx Home 1.0.2 to log in? Something like:
> 
> If (the client doesn't pass the email to the server) {
>   If (FxHome 1.0.2 or lower)
>     Do workaround on the server rather than denying Fx Home access.
> }
> 
> That way we're not completely under Apple's control with their approval
> process, which I assume will take a few days.

There's another workaround that's a bit cumbersome for users but works. Firefox Sync 1.5 generates a 32 character username from the user's email address. This is normally not shown to the user, but it can be seen by going to about:config and searching for the services.sync.username preference. Fx Home 1.0.2 should be able to use this username just fine (though admittedly it's tedious to enter on a mobile device.)
Just an update that 1.0.3 which fixes this issue has been submitted to Apple and is currently marked as being in review. We have also written to Apple asking them to expedite the review process. Will post an update when it gets approved.
Just got an email that 1.0.3 has been approved. It should start appearing in the App Store in a few minutes.
Woohoo! Michael, stop the presses on SUMO then.

(Philipp: yeah, that was the workaround mconnor mentioned above, too, but between that and telling users to downgrade to 1.4.2, the latter seems much simpler. Glad we didn't have to pick between any of them now, though!)
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.