NodeBB / nodebb-plugin-sso-oauth2-multiple

NodeBB Plugin for configuring multiple OAuth2 endpoints for login
BSD 2-Clause "Simplified" License

New user being created instead of using existing #68

Open 1zun4 opened 3 months ago

1zun4 commented 3 months ago

Hi there,

I am confused on how to set up the plugin to use an existing user based on their email address.

Currently, as soon as I log in with my own OAuth2 Strategy (which comes with the verified email flag set), it still creates another user: image

I thought it would help to enable "Use email as username (overrides previous option)" in Preferences, but that did not help either. I also checked "Automatically confirm emails when email_verified is true".

I have had a look at the login code and if I am not mistaken it is supposed to do this already, so there seems to be something wrong with it. https://github.com/NodeBB/nodebb-plugin-sso-oauth2-multiple/blob/43c74140829a6d9141330c3609967c2530f48b70/library.js#L226-L229

julianlam commented 3 months ago

It's a little concerning that a user was created with the same email as an existing user...

Are you able to provide the example profile return from your OAuth2 provider?

julianlam commented 3 months ago

@1zun4 Can you try v1.4.2?

1zun4 commented 3 months ago

Seems it still happens. A new user was created with verified e-mail.

Is this what you asked for?

{
  "name": "liquidbounce",
  "oAuthid": "6fdadadc46877989fdcd1ee8b0e0a90149703b9ce74ecbfa23d2e86bd8c61d0a",
  "handle": "1zuna",
  "email": "1zuna@ccbluex.net",
  "email_verified": true
}

Also checked what the function returns: After UidByEmail: null

Seems there is something wrong with user.getUidByEmail(payload.email) instead.

julianlam commented 3 months ago

Hmm. How was the original account verified? Can you try manually verifying it again via the ACP?

Then perhaps the function will return properly

1zun4 commented 3 months ago

I manually re-verified the original account through the ACP and it suddenly worked. I came across this thread https://community.nodebb.org/topic/10355/user-getuidbyemail-cannot-find-email/5 and it is likely that I am somehow missing the email:uid entry but am still verified?

The problem with this is that I need to fix this for 10k users, do you have any idea how to do this easily?

julianlam commented 3 months ago

It happens on old forums where the email verification was just a simple flag in the user hash. That system was updated but perhaps the existing values were left as-is.

Might need a one-off script to update the email:uid hash, I can cobble one together for you Monday.
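
An added example, not from the thread participants or the plugin: a dry-run planner for the kind of email:uid backfill discussed above, run on an in-memory model rather than a real forum database. The `email:confirmed` field name, the `Map` standing in for the email-to-uid index, and all sample users are assumptions constructed for illustration.

```javascript
// Added example on an in-memory model; 'email:confirmed' and the Map index are
// assumptions standing in for the forum's real data store.

// Lookup as the thread describes it: resolve an email to a uid via the index.
function getUidByEmail(index, email) {
  const uid = index.get(String(email).trim().toLowerCase());
  return uid === undefined ? null : uid;
}

// Decide per user whether an index entry can be added without changing
// which account an email-based SSO login would resolve to.
function planBackfill(users, index) {
  const plan = { add: [], skipUnverified: [], conflicts: [] };
  const claimed = new Map(index); // existing entries plus planned additions
  // Among unindexed accounts, the oldest one claims the address first.
  const ordered = [...users].sort((a, b) => a.joindate - b.joindate);
  for (const u of ordered) {
    if (!u.email) continue;
    const email = u.email.trim().toLowerCase();
    if (Number(u['email:confirmed']) !== 1) {
      // Never index an unconfirmed address: login would link to it by email alone.
      plan.skipUnverified.push(u.uid);
      continue;
    }
    const owner = claimed.get(email);
    if (owner === undefined) {
      claimed.set(email, u.uid);
      plan.add.push({ email, uid: u.uid });
    } else if (owner !== u.uid) {
      // Two accounts claim one address, e.g. a duplicate created by an SSO login.
      // Report it for a manual merge instead of overwriting the index.
      plan.conflicts.push({ email, indexedUid: owner, otherUid: u.uid });
    }
  }
  return plan;
}

function applyPlan(plan, index) {
  for (const { email, uid } of plan.add) index.set(email, uid);
  return index;
}

// Constructed sample data (not from the thread).
const sampleUsers = [
  { uid: 1, email: 'Alice@Example.test', 'email:confirmed': 1, joindate: 100 }, // legacy, unindexed
  { uid: 2, email: 'bob@example.test', 'email:confirmed': 0, joindate: 200 },   // unverified
  { uid: 3, email: 'carol@example.test', 'email:confirmed': 1, joindate: 300 }, // already indexed
  { uid: 4, email: 'alice@example.test', 'email:confirmed': 1, joindate: 400 }, // SSO duplicate, indexed
  { uid: 5, email: 'dave@example.test', 'email:confirmed': 1, joindate: 500 },  // legacy, unindexed
];
const sampleIndex = new Map([['carol@example.test', 3], ['alice@example.test', 4]]);
```

Conflicts are reported rather than resolved because whichever uid the index points to is the account an email-matched login lands in, so that choice belongs to an administrator.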