Closed larsrinn closed 1 year ago
I think the way JWT is currently handled, it's required, but maybe we can remove this strictness in the matching requirement. Going to look into it!
@Berry-13 is working on a fix for this!
@larsrinn While I couldn't reproduce the exact scenario you have, I merged a change that should fix your issue.
Great. Thank you. I had to delete the `users` collection because it still had the constraint at the database level. Now it seems to work and there were no issues, because we didn't have any users yet. But is there a way around this? Sorry, I don't have experience with Mongo and mongoose. Coming more from the Python and Postgres world
> Great. Thank you. I had to delete the `users` collection because it still had the constraint at the database level. Now it seems to work and there were no issues, because we didn't have any users yet. But is there a way around this? Sorry, I don't have experience with Mongo and mongoose. Coming more from the Python and Postgres world
This might help https://stackoverflow.com/questions/44318188/add-new-validator-to-existing-collection
In general from what I gather, you have to follow what the stackoverflow link says (run a script or use mongo shell), or migrate the data to a new collection. Either way is not so simple and starting the collection over as you did would be easier so past validation doesn't exist.
> Either way is not so simple and starting the collection over as you did would be easier so past validation doesn't exist.
Now this was easily possible because there were no actual users. But if there had been, I would have deleted all their accounts and content, which doesn't sound great.
I did a quick search on the internet whether there is something like schema migrations in mongoose but was unsuccessful. Are you aware of this? It would be ideal if there was a script which could be executed at every deployment, which updates the database-level constraints to match the ones defined in the schema currently.
Contact Details
lars.rinn@node.energy
What happened?
When some users are trying to log in using Azure AD, they get a server error. I think I found the underlying issue:
`username` claim back, so it takes the `given_name`. If this name doesn't match the regex, the server fails. (This would also happen for the fallback option of an empty string if `given_name` wasn't there either.)
This leads to the question: What is the username used for at all? Couldn't it be removed altogether? If I see it correctly, it's not shown in the frontend
Steps to Reproduce
Code of Conduct
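One way to keep an identity-provider claim from failing username validation at login, as an added example that is not the project's code. `USERNAME_RE`, `normalize`, `deriveUsername` and the fallback order are assumptions made for illustration; the server's real regex is not shown in this issue.

```javascript
// Assumed stand-in for the server-side username pattern (hypothetical).
const USERNAME_RE = /^[a-z0-9_.-]{2,80}$/;

// Reduce an arbitrary claim value to the assumed allowed alphabet.
function normalize(value) {
  if (typeof value !== 'string') return '';
  return value
    .normalize('NFKD')                // split accented letters into base + combining mark
    .replace(/[\u0300-\u036f]/g, '')  // drop the combining marks
    .toLowerCase()
    .replace(/[^a-z0-9_.-]+/g, '-')   // spaces, symbols and non-Latin text become '-'
    .replace(/^[-.]+|[-.]+$/g, '')    // no leading or trailing separators
    .slice(0, 80);
}

// Return the first candidate that passes validation; never return an empty string.
function deriveUsername(claims) {
  const candidates = [
    claims.username,
    claims.given_name,
    typeof claims.email === 'string' ? claims.email.split('@')[0] : undefined,
  ];
  for (const candidate of candidates) {
    const name = normalize(candidate);
    if (USERNAME_RE.test(name)) return name;
  }
  // Last resort: a display name built from the subject claim.
  const sub = normalize(String(claims.sub || ''));
  if (!sub) throw new Error('ID token has no usable subject claim');
  return `user-${sub}`.slice(0, 80);
}

// Constructed sample claims, not taken from a real token.
console.log(deriveUsername({ given_name: 'José María', sub: 'AbC_123' }));
console.log(deriveUsername({ given_name: '李', sub: 'AbC_123' }));
```

Names derived this way can collide between users, so account lookup should key on the issuer and `sub` claim rather than on the username.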