--- a/web/test/unittest_application.py Tue Apr 28 11:22:43 2009 +0200
+++ b/web/test/unittest_application.py Tue Apr 28 14:24:16 2009 +0200
@@ -333,6 +333,26 @@
self.assertRaises(AuthenticationError, self.publish, req, 'logout')
self.assertEquals(len(self.open_sessions), 0)
+ def test_login_by_email(self):
+ login = self.request().user.login
+ address = login + u'@localhost'
+ self.execute('INSERT EmailAddress X: X address %(address)s, U primary_email X '
+ 'WHERE U login %(login)s', {'address': address, 'login': login})
+ self.commit()
+ # option allow-email-login not set
+ req, origcnx = self._init_auth('cookie')
+ req.form['__login'] = address
+ req.form['__password'] = origcnx.password
+ self._test_auth_fail(req)
+ # option allow-email-login set
+ self.set_option('allow-email-login', True)
+ req, origcnx = self._init_auth('cookie')
+ req.form['__login'] = address
+ req.form['__password'] = origcnx.password
+ self._test_auth_succeed(req, origcnx)
+ self.assertRaises(AuthenticationError, self.publish, req, 'logout')
+ self.assertEquals(len(self.open_sessions), 0)
+
def _test_auth_anon(self, req):
self.app.connect(req)
acnx = req.cnx
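Review bot: test_login_by_email turns the option on with `self.set_option('allow-email-login', True)` and never restores it, so if options persist across tests in this fixture (not visible here) the later authentication tests would run with email login enabled; resetting it in a `try`/`finally` or in tearDown keeps the tests independent. The test also covers only the matching-password case while the option is set: a second request with the same address and a wrong password, checked with `self._test_auth_fail(req)`, would pin that the email path never relaxes the password check. A one-line docstring such as `"""login with the primary email works only when allow-email-login is set"""` would state the intent. _test_auth_anon, at the end of the hunk, continues outside it.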
@@ -384,8 +404,6 @@
self.assertRaises(AuthenticationError, self.publish, req, 'logout')
self.assertEquals(len(self.open_sessions), 0)
-
-
if __name__ == '__main__':
unittest_main()
--- a/web/views/authentication.py Tue Apr 28 11:22:43 2009 +0200
+++ b/web/views/authentication.py Tue Apr 28 14:24:16 2009 +0200
@@ -51,10 +51,18 @@
# associate the connection to the current request
req.set_connection(cnx, user)
return cnx
-
+
+ def login_from_email(self, login):
+ session = self.repo.internal_session()
+ rset = session.execute('Any L WHERE U login L, U primary_email M, '
+ 'M address %(login)s', {'login': login})
+ if rset.rowcount == 1:
+ login = rset[0][0]
+ return login
+
def authenticate(self, req, _login=None, _password=None):
"""authenticate user and return corresponding user object
-
+
:raise ExplicitLogin: if authentication is required (no authentication
info found or wrong user/password)
@@ -66,6 +74,8 @@
login, password = _login, _password
else:
login, password = req.get_authorization()
+ if self.vreg.config['allow-email-login'] and '@' in (login or u''):
+ login = self.login_from_email(login)
if not login:
# No session and no login -> try anonymous
login, password = self.vreg.config.anonymous_user()
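Review bot: The mapping at `if self.vreg.config['allow-email-login'] and '@' in (login or u''):` rewrites the submitted value without first checking whether it is itself an existing login, so an account whose login contains '@' would be shadowed by another account whose primary email equals that string, and the owner's password would then be checked against the wrong user. If logins may contain '@' and users can edit their own primary email (neither is visible here), resolve by email only when no user has that exact login, or enforce that an address cannot equal another user's login. The lookup also runs with internal-session privileges on unauthenticated input before the password is verified, which deserves a comment such as `# email -> login lookup runs pre-authentication; failure must look the same whether or not the address exists`. authenticate starts and ends outside this hunk.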
--- a/web/webconfig.py Tue Apr 28 11:22:43 2009 +0200
+++ b/web/webconfig.py Tue Apr 28 14:24:16 2009 +0200
@@ -79,6 +79,12 @@
'if anonymous-user is set',
'group': 'main', 'inputlevel': 1,
}),
+ ('allow-email-login',
+ {'type' : 'yn',
+ 'default': False,
+ 'help': 'allow users to login with their primary email if set',
+ 'group': 'main', 'inputlevel': 2,
+ }),
('query-log-file',
{'type' : 'string',
'default': None,