clojars / administration

For tracking clojars.org administration requests (group verifications, jar deletions, etc)

Account oddity need help rectifying #341

Closed EthanEChristian closed 6 months ago

EthanEChristian commented 6 months ago

I have an account: https://clojars.org/users/ethanechristian

However, when I used "Login with Github" it seemingly created a new user: https://clojars.org/users/ethanchristian

Both of these accounts resolve to the same email, and theoretically should be able to publish the same projects. However, the latter is denied access while trying to deploy com.cerner.

I'm not entirely sure how I can resolve this conflict, any help would be greatly appreciated.

Thanks!

tobias commented 6 months ago

Hi @EthanEChristian! I'm happy to help get this figured out. I did a little digging, and it looks like this is an issue with Clojars not downcasing emails in some cases.

The "Login with GitHub" functionality does not create users; it can only be used to log in to an existing account. Your two accounts are:

So they are two distinct users with their own permission sets. I think the most straightforward thing to do is to merge these back into one, and I'm happy to do that. I can also downcase the email at the same time. Does that work for you? If you want to deploy immediately, you have a couple of options:

I'll then do an audit to fix places where we don't properly downcase emails to prevent this from happening in the future.

EthanEChristian commented 6 months ago

Hey @tobias,

Merging the users sounds like a solid solution to me. For the latter, I must somewhat shamefully admit that I have lost my 2FA account that backed this account and have yet to be able to recover it. So that is a bit of a blocker from me using the ethanechristian user, and is probably the initiator of this entire problem.

tobias commented 6 months ago

I can go ahead and merge the two users and will let you know when that is complete. I'll also remove 2FA from the account. I'll wipe the password so you will have to recover it to log in (this verifies you own the email address, just as a precaution).

While we are shamefully admitting things: I just discovered (after maintaining Clojars for nine years) that there is no uniqueness requirement around emails! You can create as many users as you want with the same email, but if you try to log in with an email address, you'll always get the oldest user. I'll need to do some work to address that, but it won't impact you.
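
An added example, not part of the original thread and not Clojars' code: an audit for the two data-model gaps described above (emails stored without downcasing, and no uniqueness requirement on email). The `users` table layout, the sample rows and all function names are assumptions made for illustration, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed sample rows; the table layout is an assumption, not Clojars' schema.
SAMPLE_USERS = [
    ("alice", "Alice@Example.com", "2015-03-01"),
    ("alice2", "alice@example.com", "2023-06-10"),
    ("bob", "bob@example.com", "2018-01-05"),
    ("bob-dup", "bob@example.com", "2020-09-09"),
    ("carol", "carol@example.com", "2019-11-20"),
]

def make_db(rows=SAMPLE_USERS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, created TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return db

def email_collisions(db):
    """Map each downcased email held by more than one account to its usernames, oldest first."""
    groups = {}
    # SQLite's lower() folds ASCII only, which is enough for this sample data.
    query = "SELECT lower(email), username FROM users ORDER BY created"
    for email, username in db.execute(query):
        groups.setdefault(email, []).append(username)
    return {e: names for e, names in groups.items() if len(names) > 1}

def login_target(db, email):
    """Account an email login resolves to when the oldest match wins (assumed case-insensitive)."""
    row = db.execute(
        "SELECT username FROM users WHERE lower(email) = lower(?) ORDER BY created LIMIT 1",
        (email,)).fetchone()
    return row[0] if row else None

def enforce_unique_email(db):
    """Try to add a case-insensitive uniqueness constraint; fails while collisions exist."""
    try:
        db.execute("CREATE UNIQUE INDEX users_email_ci ON users (lower(email))")
        return True
    except sqlite3.IntegrityError:
        return False

def drop_newer_duplicates(db):
    """Stand-in for a real merge: keep only the oldest account per downcased email."""
    for names in email_collisions(db).values():
        db.executemany("DELETE FROM users WHERE username = ?", [(n,) for n in names[1:]])
```

A real merge would move permissions and ownership to the surviving account before removing the duplicate; the delete here only clears the way for the index.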

tobias commented 6 months ago

To clarify (since I wasn't clear above): I'll merge ethanchristian into ethanechristian. Let me know if you'd prefer I go the other way.

EthanEChristian commented 6 months ago

Yes, I think ethanechristian makes sense as the correct user to be the final result of the merge. Thank you for all of the help.

tobias commented 6 months ago

@EthanEChristian You should be all set! I have:

Note that this merge did not bring over any deploy tokens from ethanchristian, so you may need to create a new one under the merged account.

With that, you should be able to reset your password and log in via email or username, and you should also be able to log in via "Login with GitHub".

And it's my pleasure! I'm glad you reached out since it led me to discover some issues with our data model.

Let me know if you have any issues!

EthanEChristian commented 6 months ago

@tobias you are truly a life saver, the above solved all my issues! Thank you so much.

tobias commented 6 months ago

My pleasure @EthanEChristian! I'm glad we got it worked out.