Description: Rails authentication with email & password.

Email case sensitivity

When a User signs up using Clearance, their email is stored in the case they enter. By default, the email column is a simple string type. It does not use the :binary option provided by Rails.

This means that all MySQL SELECTs on email are case-insensitive. So when a User signs in, even if they type a different case than is actually stored, MySQL will still find their email.

We made this decision so that:

  • the user is unsurprised
  • the code is minimal
  • variations can be layered on

Know your database

If you’re not using MySQL, check to see how it handles case sensitivity on the email column.

Override to meet the RFC 5321 spec

According to the RFC 5321 specification, it is technically possible to have multiple email addresses in a mail server whose local-parts are the same characters but of different case.

In practice, that is rare. However, if you want to strictly meet the spec, we recommend that you:

  • change the email field to use the :binary option
  • write site copy on your sign up & sign in forms about email case sensitivity

Nothing in Clearance will stop you from doing this.

Override to always be downcase

Are you paranoid? Do you want to force emails to be downcased? You can add a downcase_email callback in your User model:

before_save :downcase_email

protected

def downcase_email
  self.email = email.to_s.downcase
end

Nothing in Clearance will stop you from doing this. By default, however, the behavior will be the same with a MySQL backend.

Database index

For a few early versions of Clearance, we used the LOWER() SQL function on email for the authenticate method. That was to handle old records that may have uppercase characters. However, this caused the database not to use the database index. In an app with even just a few thousand users, that can make the authenticate method noticeably slower.

If you decide to use the downcase_email callback in your app, we recommend that you run a migration that downcases the value of the email column for all the records in the users table.
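Before running that migration on a case-sensitive column (the :binary option above, or a database that compares case-sensitively), it helps to find records that differ only by case, because downcasing would turn them into duplicate accounts for one address. The following is an added example, not Clearance code: plan_downcase_migration and the sample rows are hypothetical, and the in-memory rows stand in for the id and email columns of the users table.

```ruby
# Added example, not Clearance code. Plans the "downcase every email"
# migration over rows given as { id:, email: } hashes.
# Rows whose emails differ only by case are reported as collisions instead
# of being updated, so they can be merged or resolved by hand first.
def plan_downcase_migration(rows)
  # Rows with no email are left alone; there is nothing to downcase.
  present = rows.reject { |row| row[:email].nil? }
  groups = present.group_by { |row| row[:email].downcase }

  updates = []     # [id, new_email] pairs that are safe to write
  collisions = {}  # downcased email => ids that would become duplicates

  groups.each do |downcased, members|
    if members.size > 1
      collisions[downcased] = members.map { |row| row[:id] }.sort
      next
    end
    row = members.first
    # Already lowercase: no write needed.
    updates << [row[:id], downcased] unless row[:email] == downcased
  end

  { updates: updates.sort, collisions: collisions }
end

# Constructed sample rows (not real data).
SAMPLE_USERS = [
  { id: 1, email: "Alice@Example.com" },
  { id: 2, email: "bob@example.com" },
  { id: 3, email: "Carol@example.com" },
  { id: 4, email: "carol@example.com" },
  { id: 5, email: nil }
].freeze

if __FILE__ == $PROGRAM_NAME
  plan = plan_downcase_migration(SAMPLE_USERS)
  plan[:updates].each { |id, email| puts "update id=#{id} -> #{email}" }
  plan[:collisions].each do |email, ids|
    puts "resolve by hand: #{email} is shared by ids #{ids.join(', ')}"
  end
end
```

Only the rows in updates are safe to rewrite automatically; each entry in collisions is a set of separate accounts that would become the same sign-in address after downcasing.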

Last edited by dancroak, Mon Feb 16 07:57:07 -0800 2009