search

RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/
Other
40.04k stars 10.32k forks source link

Allow custom rocketchat username for crowd users and enable login via email/crowd_username #12979

Open steerben opened 5 years ago

steerben commented 5 years ago

Description:

Currently the CROWD Plugin does working correct when allowing custom usernames (read: Allow users to change username) via their Rocketchat user settings. It is quite a common feature to use this custom name as a mention name.

Additionally the crowd plugin does not allow to login via email (even if the login UI suggests it would work), nor specifically the crowd_username (if the username has been changed), but only by the username in the current implementation.

This means that after changing username in Rocketchat, the Crowd login will stop working (since the new username is not available in Crowd). Therefore the Crowd plugin redirects to the fallback login handler, which then logins the user locally via the stored hashed password.

A crowd sync will additionally override the custom usernames to their crowd_username pendants on syncing.

Furthermore the login does not allow to use the email address - the sync on the other hand also tries to sync on email address basis. This is not a consistent behaviour.

Steps to reproduce:

  1. Enable Crowd authentication
  2. Allow users to change their username under Accounts
  3. Login via your crowd username
  4. Change your username to something else
  5. When logging in with your new rocketchat username you will be redirected to the fallback login, but not login via crowd
  6. On sync your rocketchat username will be reset again to the crowd username

Expected behavior:

  1. User can change is username in Rocketchat (if allowed in Account Settings and also in Crowd Settings)
  2. User is able to login via Rocketchat username, crowd_username and email
  3. On Crowd Sync and Login, the Rocketchat username is maintained as long as an option in the Crowd settings does allow a custom Rocketchat username.
  4. If this option is disabled, the usernames should be reset to their crowd pendants.
  5. Additional a local user (e.g. admin backup) should initially not be tried to be logged in via Crowd, but redirected to the fallback login in the first place

Actual behavior:

See steps to reproduce

Server Setup Information:

This is a code issue. Therefore it does not make sense to provide

Additional context

In our specific case, the crowd_username is equal to the user's email address. This is not optimal specifically to us, but in general others may also give their users the ability to use nicknames in the chat tool, which should not be propagated to other applications connected to the crowd instance

Relevant logs:

steerben commented 5 years ago

Nice to see, that it progresses @engelgabriel