big confusion in login
As described in #64 . Since the rewrite in 2018, my avatar wasn't display correctly until yesterday, but I had to fight a lot to discover my problem . with https://www.libravatar.org/tools/check/ I found that what Fedora sites are looking for http://sergiomb.id.fedoraproject.org/ , and when I logged in with http://sergiomb.id.fedoraproject.org/ I went to my first registered user "sergiomb" but I usually I use just id.fedoraproject.org to login in my main user which is "sergiomb2" Here in sergiomb2 profile I defined a lot similar openIds https://sergiomb.id.fedoraproject.org/ (with https) and http://id.fedoraproject.org/openid/id/sergiomb/ and https://id.fedoraproject.org/openid/id/sergiomb . At least iavatar shouldn't allow:
- equal openIds with / or not in end
- with http and https with same URL
this cases allow 4 cases that are exactly the same thing:
http://id.fedoraproject.org/openid/id/sergiomb/ http://id.fedoraproject.org/openid/id/sergiomb https://id.fedoraproject.org/openid/id/sergiomb/ https://id.fedoraproject.org/openid/id/sergiomb
And at last when we try login, we just need write "id.fedoraproject.org", We don't need specify the user and neither the protocol.
If we specify an openId that is the same in practice , and are different registered, lets says: https://id.fedoraproject.org/openid/id/sergiomb/ and http://sergiomb.id.fedoraproject.org/ the iavatar creates a new login automatically , for example I have sergiomb , sergiomb2 to sergiomb11 already . But all the records have the same email , which makes us not allow to recover the password (because uses the email). In conclusion I think you shouldn't allow new records if the email associated is the same, and that can be the key point to allow a better service .