Using both Username and Email?


#1

I have an app that uses both usernames and emails for users to login. I recently encountered an odd bug where if an email is used as a username, this can prevent an account with just the email from logging in.

User signups via email with email@test.test, which creates the user object
{... emails: [address: 'email@test.test']...}

Another user signups via username with email@test.test, which creates the user object
{... username: 'email@test.test'...}

How can I prevent this case from happening?
Can this be fixed with indexes somehow?


#2

Is there an option to disallow login with a username and leave only emails?


#3

No, I’m building out an education app. Students can only have usernames due to security constraints.


#4

The one possibility I’ve thought of is to automatically assign the username the email someone uses when signing up, but I feel like there are issues with that. I can’t think of what the issues are though.

Can you see any issues with that?


#5

automatically assign the username the email someone uses when signing up

This is not clear, could you please specify? And could you please explain a bit more about the security constraints? The usernames can be as well known as emails, no?

To the main question, how about to validate usernames on creation and consider them invalid if they ‘remind’ or look like emails?