GSA / datagov-ckan-multi


SAML2 users created with non-unique name #537

Closed adborden closed 3 years ago

adborden commented 3 years ago

The name should be the email address, so that we can do ckan sysadmin aaron.borden@gsa.gov.

This is important for Inventory so that logins can be mapped to existing users by email address.

Users:
count = 29
name=aaron-borden-6252 display=aaron.borden@gsa.gov
name=adborden display=Aaron D Borden
name=adborden2 display=Aaron D Borden
name=adborden-7726 display=adborden@a14n.net
name=admin
name=andres-vazquez-2006 display=andres.vazquez@datopian.com
name=cmacdermaid
name=fuhu-xia-293 display=fuhu.xia@gsa.gov
name=fxia
name=geo.gov
name=jamesbrown
name=james-c-brown-5706 display=james.c.brown@gsa.gov
name=juliekramer display=Julie Kramer
name=julie-kramer-1934 display=julie.kramer@gsa.gov
name=oren-kanner-3898 display=oren.kanner@gsa.gov
name=preston_sharpe
name=thomas-wood-1051 display=thomas.wood@gsa.gov
name=thomas-wood-2007 display=thomas.wood@gsa.gov
name=thomas-wood-2611 display=thomas.wood@gsa.gov
name=thomas-wood-2640 display=thomas.wood@gsa.gov
name=thomas-wood-371 display=thomas.wood@gsa.gov
name=thomas-wood-429 display=thomas.wood@gsa.gov
name=thomas-wood-4656 display=thomas.wood@gsa.gov
name=thomas-wood-4663 display=thomas.wood@gsa.gov
name=thomas-wood-5327 display=thomas.wood@gsa.gov
name=thomas-wood-5804 display=thomas.wood@gsa.gov
name=thomas-wood-6369 display=thomas.wood@gsa.gov
name=thomas-wood-7328 display=thomas.wood@gsa.gov

How to reproduce

Log into catalog-harvester-next1tf

  1. sudo ckan user

Expected behavior

Users are created with name as their email address.

Actual behavior

name is created as first-last-number
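
An added example, not part of the original issue or of the project's code: a small audit that reads a user listing in the `name=… display=…` shape shown above and reports every email that owns more than one account, plus accounts with no email to match a login against. The sample data is constructed, and treating an email-shaped `display` value as the login identity is an assumption taken from the listing.

```python
import re
from collections import defaultdict

# Constructed sample in the same "name=... display=..." shape as the listing above.
SAMPLE = """\
Users:
count = 6
name=jane-doe-1001 display=jane.doe@example.gov
name=jane-doe-2002 display=jane.doe@example.gov
name=jane-doe-3003 display=Jane.Doe@example.gov
name=jdoe display=Jane Doe
name=admin
name=sam-roe-42 display=sam.roe@example.gov
"""

# "display=" is optional: some accounts in the listing carry only a name.
LINE = re.compile(r"^name=(?P<name>\S+)(?:\s+display=(?P<display>.*\S))?\s*$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_users(text):
    """Yield (name, display) pairs; display is None when the field is absent."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # header lines such as "Users:" and "count = N" are skipped
            yield m.group("name"), m.group("display")


def duplicate_identities(text):
    """Return {email: [account names]} for emails that own more than one account."""
    by_email = defaultdict(list)
    for name, display in parse_users(text):
        if display and EMAIL.match(display):
            # Assumption: emails are compared case-insensitively.
            by_email[display.lower()].append(name)
    return {e: sorted(n) for e, n in by_email.items() if len(n) > 1}


def unmapped_accounts(text):
    """Accounts whose display is missing or not an email, so no email match is possible."""
    return sorted(n for n, d in parse_users(text) if not (d and EMAIL.match(d)))


if __name__ == "__main__":
    for email, names in duplicate_identities(SAMPLE).items():
        print(f"{email}: {len(names)} accounts -> {', '.join(names)}")
    print("no email to match on:", ", ".join(unmapped_accounts(SAMPLE)))
```

Each duplicate group is one identity that has been provisioned several times, so any role granted to one of those names does not follow the person to the account created on their next login.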

adborden commented 3 years ago

This is a launch blocker for both Inventory and Catalog.

jbrown-xentity commented 3 years ago

Looks like this is the offending line

avdata99 commented 3 years ago

Blocked since we are not ready to add a test for this fix.

adborden commented 3 years ago

I think we can close this. The email name as username worked for ckanext-saml2, but in the new extension, this would be a feature request. I think it makes more sense to just migrate the Inventory users instead of changing the code here.

adborden commented 3 years ago

Closing since this only applies to the old ckanext-saml2 extension that we're not using.