hwdsb / aad-sso-wordpress

Single Sign-on with Azure Active Directory (for WordPress)

Autoprovision Username as Alias, rather than Email #1

Open mrjarbenne opened 4 years ago

mrjarbenne commented 4 years ago

This issue (see link: https://github.com/psignoret/aad-sso-wordpress/issues/225) is causing some issues for us because we have additional functionality built out that identifies students by looking at the last four characters of their username to check for numbers.

Additionally, @mentions are a bit of a mess for new users because their username in BuddyPress is overly complicated, taking on the email domain with dashes, and doesn't match our established format:

[Image: 2020-01-14_15-03-05]

Perhaps we can sort this out and create a Pull Request.

r-a-y commented 4 years ago

I've added a new filter so we can manipulate the 'user_login' field before the user is created in WordPress: commit https://github.com/hwdsb/aad-sso-wordpress/commit/5890159d13b930167e2c4cd79e1a6e896450fa6e

This way, we can parse the email address and set the user_login to whatever it is before the @ sign.

I'll send a PR to see what the developer thinks.
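An added example, not part of the thread and not the code from the linked commit: one way a callback on such a filter could set the login to the text before the @ sign while refusing to merge distinct identities. The filter name `example_aad_sso_user_login`, its argument order, and the `example_` function and constant names are assumptions; the domain is the one the thread says registration is restricted to.

```php
<?php
/**
 * Added example: derive a WordPress user_login from the local part of the
 * sign-in email address. The filter name at the bottom is hypothetical; the
 * page does not name the filter added in the linked commit.
 */

// Assumption: the single domain allowed to register (stated later in the thread).
const EXAMPLE_ALLOWED_DOMAIN = 'hwdsb.on.ca';

/**
 * Return the alias (text before the @) for addresses in the allowed domain,
 * or the original login unchanged for anything else.
 */
function example_login_from_email( $user_login, $email ) {
	$email = strtolower( trim( (string) $email ) );
	$at    = strrpos( $email, '@' );
	if ( false === $at || 0 === $at ) {
		return $user_login; // Not an address we can split; keep the default.
	}

	$alias  = substr( $email, 0, $at );
	$domain = substr( $email, $at + 1 );

	// Dropping the domain is only safe when one domain can sign in; otherwise
	// the same alias at two different domains would map to one login.
	if ( EXAMPLE_ALLOWED_DOMAIN !== $domain ) {
		return $user_login;
	}

	// Strict mode keeps only ASCII letters, digits, space, and _ . - @
	$alias = sanitize_user( $alias, true );
	if ( '' === $alias ) {
		return $user_login;
	}

	// Never hand an existing account's login to a different email address.
	$existing = get_user_by( 'login', $alias );
	if ( $existing && strtolower( $existing->user_email ) !== $email ) {
		return $user_login;
	}

	return $alias;
}

// Hypothetical filter name and argument order (login first, then email).
add_filter( 'example_aad_sso_user_login', 'example_login_from_email', 10, 2 );
```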

r-a-y commented 4 years ago

Just a quick update, I'm already using this filter on production. This will take effect for new users that haven't logged into the Commons before. Let me know if it works or not.

mrjarbenne commented 4 years ago

Awesome. I'll keep an eye out for new users and let you know, and start the process of switching the users who had registered prior to this fix over to our old logic.

r-a-y commented 4 years ago

> and start the process of switching the users who had registered prior to this fix over to our old logic.

I can write a script that changes all usernames ending with "hwdsb-on-ca" to remove that portion. Just let me know if changing the 'user_login' will not cause any problems before I do so.

mrjarbenne commented 4 years ago

That would be great. Changing user_login doesn't seem to be causing any issues; I've been changing them in an ongoing way using Brajesh's Change Username plugin we are running.

One other snippet that would be helpful would be to block users from changing their email address, as that is the unique identifier being used to authenticate users. I did see a duplicate user produced because someone had changed their email from the hwdsb domain to gmail.com. I'm already restricting registration to @hwdsb.on.ca, but once they're in, I can't block them from changing it to something else.

r-a-y commented 4 years ago

Just ran a script that changed 1141 user accounts :)

> One other snippet that would be helpful would be to block users from changing their email address

I'll look into this. I'm surprised that there isn't an existing WordPress plugin that handles this in the admin area. There probably wouldn't be a BuddyPress one, but this can be accomplished easily.

mrjarbenne commented 4 years ago

I looked and was surprised at the lack of options. Found a few messy hacks on Stack Overflow to hide the field, and a few others that did way more than what was necessary. Nothing small and clean.

r-a-y commented 4 years ago

I've added a small plugin that disables email address changes here: https://github.com/hwdsb/no-email-change

In the admin area, it uses a messy hack. Adds a readonly attribute and hides the email address field. Super admins can still make changes to user accounts though.

For our site, since the email address and password are not used, I've altered the BuddyPress "Settings > General" template to remove the email address and password form, while leaving the hooks needed for plugins to display their data (like our gdrive).

Side note: I couldn't find our fourteenish theme on GitHub, but maybe I'm not looking in the right place.