Open frollard opened 3 years ago
It's required for integration. Discourse requires that each account has a unique email, so the new account will be given their portal email.
When that situation is detected, does it make sense to keep the existing account but change the Discourse username to the portal firstname.lastname and the password to the portal password?
https://meta.discourse.org/t/how-does-one-change-a-username-via-the-api/96118 seems to have a change username endpoint
~~Yes! That could work, and it saves us from merging the accounts later. I'll try implementing that tomorrow.~~
Edit: this creates a security hole
The only other issue with this, as the warning comment points out: portal emails are unverified, and in theory a person could hijack a forum account by creating a portal account... not sure if that's a risk worth worrying about. It would be nice if it could force entry of the old password to enact the change, but I can't find any way to use the Discourse API to validate the user. Does portal email verification make sense for this?
Yup, that's the problem with changing the Discourse username method:
- I set my portal email to @.***, matching your Discourse account
- I do a Spaceport auth using my portal account
- Your Discourse account username and password are changed to mine
- I can log into your Discourse account

The current method allows:
- I set my portal email to @.***, matching your Discourse account
- I do a Spaceport auth using my portal account
- My new Discourse account has your email. Your Discourse account email is set to something unguessable.
- You do a Discourse password reset on my new account.
- You can log into MY account. I shot myself in the foot.

The alternative is we do email verification on the portal, but that's not practical without Mailgun and it's more friction for signing up. It's also a massive amount of code I don't wanna write.
I wonder if there's a way to force a trigger of an email check on API account bulldoze... will search.
On Thu, Sep 23, 2021 at 5:43 PM Tanner Collin @.*** wrote:
> Yup, that's the problem with changing the Discourse username method:
> - I set my portal email to @.***, matching your Discourse account
> - I do a Spaceport auth using my portal account
> - Your Discourse account username and password are changed to mine
> - I can log into your Discourse account
>
> The current method allows:
> - I set my portal email to @.***, matching your Discourse account
> - I do a Spaceport auth using my portal account
> - My new Discourse account has your email. Your Discourse account email is set to something unguessable.
> - You do a Discourse password reset on my new account.
> - You can log into MY account. I shot myself in the foot.
>
> The alternative is we do email verification on the portal, but that's not practical without Mailgun and more friction for signing up. It's also a massive amount of code I don't wanna write.
-- -Jamie Frost
https://github.com/Protospace/spaceport/blob/520d11c2365657c1fae4bdcd71e8142decdabcb6/authserver/auth_functions.py#L128
No idea if I'm doing this right... this function seems to find an existing Discourse account and, if the email is in use, it changes the existing Discourse account to a random email and assigns the new account the existing correct email; this can lock a user out of doing password resets or logins via that email. This may be more common if people decide to join after becoming public forum members.
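The two failure modes in this thread (the hijack via the rename method in Tanner's comment, and the self-lockout via the email swap that the linked `auth_functions.py` line and this description cover) are easy to see in a small model. The following is an added example written for this page; it is not Spaceport's code and does not call the Discourse API. The `DiscourseStore`, `link_rename`, `link_current` and `link_verified_only` names, the sample accounts, and the `@example.test` addresses are all constructed for the illustration. The only property borrowed from Discourse is the one the thread relies on: one account per email, and a password reset goes to whoever holds that email.

```python
"""Model of the Discourse account-linking strategies discussed in this issue.

Added illustration, not Spaceport's authserver code. Names and sample data
are assumptions; the in-memory DiscourseStore stands in for the admin API.
"""
import secrets
from dataclasses import dataclass


@dataclass
class DiscourseAccount:
    username: str
    email: str
    password: str


@dataclass
class PortalUser:
    first: str
    last: str
    email: str            # unverified: the portal user can type anything here
    password: str
    email_verified: bool = False


class DiscourseStore:
    """Stand-in for the Discourse API: accounts are unique by email."""

    def __init__(self):
        self.by_username: dict[str, DiscourseAccount] = {}

    def find_by_email(self, email):
        return next((a for a in self.by_username.values() if a.email == email), None)

    def create(self, username, email, password):
        if self.find_by_email(email):
            raise ValueError("email already in use")
        acct = DiscourseAccount(username, email, password)
        self.by_username[username] = acct
        return acct

    def login(self, username, password):
        acct = self.by_username.get(username)
        return acct is not None and acct.password == password

    def password_reset(self, email, new_password):
        """Whoever reads mail at `email` gets to set that account's password."""
        acct = self.find_by_email(email)
        if acct is None:
            return None
        acct.password = new_password
        return acct.username


def link_rename(portal, ds):
    """Proposed method: rename the existing account to the portal user."""
    existing = ds.find_by_email(portal.email)
    if existing is None:
        return ds.create(f"{portal.first}.{portal.last}", portal.email, portal.password)
    # No proof the portal user owns this mailbox, yet the account is handed over.
    del ds.by_username[existing.username]
    existing.username = f"{portal.first}.{portal.last}"
    existing.password = portal.password
    ds.by_username[existing.username] = existing
    return existing


def link_current(portal, ds):
    """Current method: park the old account on a random email, create a new one."""
    existing = ds.find_by_email(portal.email)
    if existing is not None:
        existing.email = f"{secrets.token_hex(16)}@invalid.example"
    return ds.create(f"{portal.first}.{portal.last}", portal.email, portal.password)


def link_verified_only(portal, ds):
    """Hardened variant: an existing account is only touched after the portal
    has verified the email; otherwise the link is refused."""
    existing = ds.find_by_email(portal.email)
    if existing is not None and not portal.email_verified:
        raise PermissionError("existing Discourse account; verify portal email first")
    return link_rename(portal, ds)


def _victim_and_attacker():
    ds = DiscourseStore()
    ds.create("tanner", "tanner@example.test", "tanner-secret")   # constructed victim
    attacker = PortalUser("Jamie", "Frost", "tanner@example.test", "jamie-pass")
    return ds, attacker


def scenario_rename():
    """Attacker logs into the renamed account; 'tanner' is gone."""
    ds, attacker = _victim_and_attacker()
    acct = link_rename(attacker, ds)
    return ds.login(acct.username, "jamie-pass"), "tanner" in ds.by_username


def scenario_current():
    """Victim's reset lands on the attacker's new account; victim's own account
    is stuck on an unguessable email, so its password never changes."""
    ds, attacker = _victim_and_attacker()
    new = link_current(attacker, ds)
    reset_target = ds.password_reset("tanner@example.test", "tanner-new")
    return reset_target, ds.login("tanner", "tanner-secret"), ds.login(new.username, "tanner-new")


def scenario_verified():
    ds, attacker = _victim_and_attacker()
    try:
        link_verified_only(attacker, ds)
        return "linked"
    except PermissionError:
        return "refused"
```

`scenario_rename` shows the takeover the rename method allows, `scenario_current` shows the email-swap lockout the current code produces, and `scenario_verified` shows that a verified-email gate (the option Tanner rules out as too much work) is the only one of the three that refuses the attacker outright.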