Usernames with periods fail on second login #17
Comments
|
seems duplicated with #15 ? |
veox
added a commit
to veox/taiga-contrib-ldap-auth-ensky
that referenced
this issue
Dec 1, 2016
In `ldap_register()`, LDAP binding has already been performed, and the user is allowed to authenticate. However, the current logic is to look up the user entry in local DB using the string from the login form. If the latter fails, creating a new user is attempted - which might have been already created! This still does not allow special characters (as in ensky#43, which can be unsafe), but does address the underlying issue. Should fix ensky#15, ensky#17, ensky#45, and make ensky#43 obsolete.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The register method calls 'unique slugify' (or thereabouts) on the username, which removes periods from the username on saving to the database. A subsequent login attempt will find no user with the same username, and attempt autoregistration, but will violate a unique email constraint.
For temp use we're just passing the username through without modification, and it seems to work...
The text was updated successfully, but these errors were encountered: