Cross-posting discussion from #2595067: Add a note about incompatibility with Email Registration and login-by-email with Logintoboggan

In case there was any doubt: this module should not be used with Shared Email.

Comments

aaronbauman created an issue. See original summary.

greggles’s picture

That's pretty funny because the project page of sharedmail says it works with this. Any idea what's up with that?

greggles’s picture

Status: Active » Fixed

I did add a note to the project page, so I guess this is fixed. Thanks!

AaronBauman’s picture

Great, thank you.

Even on a purely conceptual level, these modules cannot be compatible without explicit accommodation of one from the other (which doesn't exist, and would be extensive).

For example, if a user enters a shared email address to fetch a password reset, which user gets logged in?
Or, if a user tries to login with a shared email address, how do we identify the correct user to authenticate?

I tried to point out as much in my comment.

greggles’s picture

Totally, that fundamental problem makes sense to me, but I guess there might be solutions?

Thanks for filing the issue!

AaronBauman’s picture

Right, so essentially we'd have to implement have a 2-component unique identifier - email address and password.

Register / Login with shared email

This is the relatively easy problem to solve.
- A new authentication handler needs to validate (email address + password) against all users sharing the given email address.
- A new validation scheme needs to enforce a unique key of (email address + password), so that two users cannot have the same (email address + password) combo.

Reset password

This one requires significant changes to Drupal UX.
Since they forgot one of their identifiers, we need to confirm a 3rd data point from the user - username, phone number, or something - otherwise we risk granting access to the wrong user account.
So, solvable, but seems way out of scope for either of these modules.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.