
Commit c7983d6

Merge branch '7.4' into 8.0
* 7.4:
  Minor tweaks
  [Security]: Removing recommendations to lowercase email addresses
2 parents ee1a10e + b96aeb0 commit c7983d6

1 file changed

+7
-27
lines changed

security/custom_authenticator.rst

Lines changed: 7 additions & 27 deletions
@@ -282,39 +282,19 @@ associated with the user. It allows loading the user through the configured
282282
}
283283
}
284284

285-
It's a good practice to normalize the user identifier before using it. This
286-
ensures that variations like "john.doe", "John.Doe", or "JOHN.DOE" are treated
287-
as the same user.
285+
Some applications normalize user identifiers before processing them. For example,
286+
lowercasing identifiers helps treat values like "john.doe", "John.Doe", or
287+
"JOHN.DOE" as equivalent in systems where identifiers are case-insensitive.
288288

289-
Normalization typically involves converting the identifier to lowercase and
290-
trimming extra spaces. For example, Google considers the following email
291-
addresses equivalent: ``john.doe@gmail.com``, ``j.hon.d.oe@gmail.com``, and
292-
``johndoe@gmail.com``. This is due to normalization rules that remove dots and
293-
lowercase the address.
294-
295-
In enterprise environments, users might authenticate using different identifier
296-
formats, such as:
297-
298-
* ``john.doe@acme.com``
299-
* ``acme.com\jdoe``
300-
* ``https://acme.com/+jdoe``
301-
* ``acct:jdoe@acme.com``
302-
303-
Applying normalization (e.g. lowercasing, trimming, or unifying formats) helps
304-
ensure consistent identity resolution and prevents duplication caused by
305-
format differences.
306-
307-
In Symfony applications, you can optionally pass a user identifier normalizer as
308-
the third argument to the ``UserBadge``. This callable receives the ``$userIdentifier``
309-
and must return a normalized string.
289+
If needed, you can pass a normalizer as the third argument to ``UserBadge``.
290+
This callable receives the ``$userIdentifier`` and must return a string.
310291

311292
.. versionadded:: 7.3
312293

313294
Support for user identifier normalizers was introduced in Symfony 7.3.
314295

315-
For instance, the example below uses a normalizer that converts usernames to
316-
a normalized, ASCII-only, lowercase format suitable for consistent comparison
317-
and storage::
296+
The example below uses a normalizer that converts usernames to a normalized,
297+
ASCII-only, lowercase format::
318298

319299
// src/Security/NormalizedUserBadge.php
320300
namespace App\Security;
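
Review bot: The example intro at new lines 296-297 still presents an "ASCII-only, lowercase" normalizer with no condition attached, while the paragraph added at 285-287 limits lowercasing to "systems where identifiers are case-insensitive". Folding case and reducing to ASCII can map two distinct identifiers to the same string, so the intro should carry the same qualifier, for example by saying the normalizer is only appropriate when the user provider stores and compares identifiers in that same normalized form. Also, with "must return a normalized string" shortened to "must return a string" at line 290, nothing in the new text says the returned value is what the user is loaded with; a short clause stating that would keep readers from applying a normalizer at login that does not match what was stored at registration.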
