minor #21088 [Security] : Removing recommendations to lowercase email… · symfony/symfony-docs@43ce2d0 · GitHub

Commit 43ce2d0

minor #21088 [Security] : Removing recommendations to lowercase email addresses (ThomasLandauer)

This PR was merged into the 7.3 branch.

Discussion
----------

[Security] : Removing recommendations to lowercase email addresses

Closes #21080
Page: https://symfony.com/doc/current/security/custom_authenticator.html#user-identifier

`@wouterj` I shortened your suggestion at #21080 (comment) even further, to now sound as neutral as possible (i.e. neither advising for nor recommending against normalization).

Commits
-------

d4c4f2d [Security]: Removing recommendations to lowercase email addresses
2 parents c16db06 + d4c4f2d commit 43ce2d0

security/custom_authenticator.rst

Lines changed: 6 additions & 28 deletions
@@ -282,39 +282,17 @@ associated with the user. It allows loading the user through the configured
282282
}
283283
}
284284

285-
It's a good practice to normalize the user identifier before using it. This
286-
ensures that variations like "john.doe", "John.Doe", or "JOHN.DOE" are treated
287-
as the same user.
288-
289-
Normalization typically involves converting the identifier to lowercase and
290-
trimming extra spaces. For example, Google considers the following email
291-
addresses equivalent: ``john.doe@gmail.com``, ``j.hon.d.oe@gmail.com``, and
292-
``johndoe@gmail.com``. This is due to normalization rules that remove dots and
293-
lowercase the address.
294-
295-
In enterprise environments, users might authenticate using different identifier
296-
formats, such as:
297-
298-
* ``john.doe@acme.com``
299-
* ``acme.com\jdoe``
300-
* ``https://acme.com/+jdoe``
301-
* ``acct:jdoe@acme.com``
302-
303-
Applying normalization (e.g. lowercasing, trimming, or unifying formats) helps
304-
ensure consistent identity resolution and prevents duplication caused by
305-
format differences.
306-
307-
In Symfony applications, you can optionally pass a user identifier normalizer as
308-
the third argument to the ``UserBadge``. This callable receives the ``$userIdentifier``
309-
and must return a normalized string.
285+
You can normalize the user identifier before using it (e.g. to ensure that variations like
286+
"john.doe", "John.Doe", or "JOHN.DOE" are treated as the same user).
287+
In Symfony applications, you can optionally pass a user identifier normalizer as the
288+
third argument to the ``UserBadge``. This callable receives the ``$userIdentifier`` and must return a string.
310289

311290
.. versionadded:: 7.3
312291

313292
Support for user identifier normalizers was introduced in Symfony 7.3.
314293

315-
For instance, the example below uses a normalizer that converts usernames to
316-
a normalized, ASCII-only, lowercase format suitable for consistent comparison
317-
and storage::
294+
The example below uses a normalizer that converts usernames to
295+
a normalized, ASCII-only, lowercase format::
318296

319297
// src/Security/NormalizedUserBadge.php
320298
namespace App\Security;
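
Review bot: The added paragraph at new lines 285-288 says the identifier can be normalized but no longer says the result has to agree with how identifiers are stored; the removed phrase "suitable for consistent comparison and storage" was the last hint of that. The hunk header context notes the badge is what loads the user through the configured provider, so a normalizer that lowercases at login while stored identifiers keep their original case can stop matching the existing record. A neutral sentence such as "if you normalize, apply the same normalization wherever the identifier is stored or compared" would stay within the PR's goal of neither advising for nor against normalization. Separately, new line 288 runs well past the wrap width of the lines around it and should be rewrapped, and a blank line between the sentence ending at 286 and the one starting at 287 would keep them as two paragraphs as they were before.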
