Duplicate usernames permitted by E-Mail Authentication

Open ihardyslide opened this issue 2 years ago • 4 comments

Hi,

My fresh Coral setup has an issue with usernames, since it's permitting duplicate ones, even though the documentation clearly states that usernames must be unique.

Userflow:

  • Register a new user (e.g. in the comment section via the register button)
  • Choose username "test"
  • Log out after completing registration
  • Register another new user, with the same username "test"
  • Coral will successfully let you do this

Expected behavior: Usernames must be unique on registration

Actual behavior: Usernames can be duplicate

Versions:

  • MongoDB: docker image mongo:4.2
  • Redis: docker image redis:3.2
  • Coral: docker image of coral release 7.0.2
  • Browser: Chrome & Firefox
  • OS: containers running on Debian GNU/Linux 9 (stretch)

ihardyslide avatar May 10 '22 08:05 ihardyslide

Thanks for reporting, we'll investigate this issue.

tessalt avatar May 13 '22 16:05 tessalt

We're working on a fix in this sprint.

losowsky avatar Jun 13 '22 16:06 losowsky

Hi, I wanted to ask if there is any update on this one. Also, I wanted to mention that this does not only affect e-mail auth, but also OIDC auth.

ihardyslide avatar Aug 10 '22 08:08 ihardyslide

Also, I can confirm this is still an issue with 7.3.0.

ihardyslide avatar Aug 31 '22 15:08 ihardyslide

Closing this as our recommended and preferred setup for Coral is always using SSO, where username/email is the responsibility of the registration system.

losowsky avatar Sep 15 '23 14:09 losowsky