While Gate's multi-domain support expects usernames to be unique across domains. it isn't strictly enforced at the moment.
This allows for the following situation.
USER1 - username@domain1.com INACTIVE
USER2 - username@domain2.com ACTIVE
Present behaviour:
While USER2 is active and able to login to gate with their Google account, but when authenticating against gate, gate only checks the oldest user irrespective of "active" status, so username@domain2.com will never get a successful auth, even though they exist on gate and are the only active user at present.
Expected behavior:
Gate should check for "active" users with a particular username and authenticate them.
(Ideally Gate should also prevent such situations from arising in the first place, which will be addressed as a different issue for that but this fix will allow existing installations to work with minimal change in gate auth logic. )
While Gate's multi-domain support expects usernames to be unique across domains. it isn't strictly enforced at the moment.
This allows for the following situation.
USER1 - username@domain1.com INACTIVE USER2 - username@domain2.com ACTIVE
Present behaviour:
While USER2 is active and able to login to gate with their Google account, but when authenticating against gate, gate only checks the oldest user irrespective of "active" status, so username@domain2.com will never get a successful auth, even though they exist on gate and are the only active user at present.
Expected behavior:
Gate should check for "active" users with a particular username and authenticate them.
(Ideally Gate should also prevent such situations from arising in the first place, which will be addressed as a different issue for that but this fix will allow existing installations to work with minimal change in gate auth logic. )