New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Oxtrust allow to update user with duplicate uid when users are created through SCIM #1028

Closed
sahiliamsso opened this Issue Jul 2, 2018 · 8 comments

Comments

Projects
None yet
7 participants
@sahiliamsso
Contributor

sahiliamsso commented Jul 2, 2018

Based on this ticket, OxTrust doesn't check the unique UID when users is created through SCIM
Steps to reproduce --

  1. Create UserA and UserB with SCIM API
  2. Login to UI, and update UserB and change the userid to UserA. Click on update
    Expected Result - Duplicate UID error should be displayed
    Actual Result - User is saved successfully

image

@sahiliamsso sahiliamsso added this to the 3.1.4 milestone Jul 2, 2018

@sahiliamsso sahiliamsso added the bug label Jul 3, 2018

@mzico

This comment has been minimized.

Contributor

mzico commented Jul 5, 2018

@shekhar16

This comment has been minimized.

Contributor

shekhar16 commented Jul 12, 2018

@sahiliamsso @mzico its not possible to add duplicate uwername in ldap because we had already an unique constraints in ldap, ldap doesnt allow to save duplicate UID.
@yurem

@shekhar16

This comment has been minimized.

Contributor

shekhar16 commented Jul 12, 2018

@sahiliamsso @mzico Can u please share the oxtrust version u r using ?

@sahiliamsso

This comment has been minimized.

Contributor

sahiliamsso commented Jul 13, 2018

somehow it is allowed when user is created through SCIM ( Refer screenshot pasted in the issue earlier) . I have tested on 3.1.3 build.

@shekhar16

This comment has been minimized.

Contributor

shekhar16 commented Jul 15, 2018

image

shekhar16 added a commit that referenced this issue Jul 15, 2018

@shekhar16 shekhar16 closed this Jul 16, 2018

yurem added a commit that referenced this issue Aug 8, 2018

Merge pull request #1039 from GluuFederation/#1028
#1028 : Added message on updating duplicate uid.

yurem added a commit that referenced this issue Aug 9, 2018

@natt-tester

This comment has been minimized.

natt-tester commented Sep 11, 2018

@shekhar16, @yurem, It's impossible to change the UID to the same one for two users, but the message strings and logic need improvement.
I've created almost exactly the same users with no emails through SCIM. The only difference was their names. When I try to change one name to another and update the user, I get a message about the email being already taken:
update_message

Please correct it along with the typo.

The created user (Anna):

testy

trustyanna

@natt-tester natt-tester reopened this Sep 11, 2018

@yurem yurem assigned jgomer2001 and unassigned yurem Sep 11, 2018

syntrydy pushed a commit that referenced this issue Sep 11, 2018

syntrydy added a commit that referenced this issue Sep 11, 2018

Merge pull request #1202 from /issues/1028
Fix duplicate mail message #1028

syntrydy pushed a commit that referenced this issue Sep 11, 2018

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Sep 11, 2018

Fixed

@jgomer2001

This comment has been minimized.

Contributor

jgomer2001 commented Sep 11, 2018

Hi @sahiliamsso

I just tried to replicate with no success, here is what I did on a centos6 3.1.4 RC1:

  1. Created 2 users with usernames "UserA" and "UserB" with the great SCIM java client :)
  2. Confirmed in LDAP both were created, both in oxTrust appear too
  3. Still in oxTrust, tried to edit user "UserB" by setting its username to "UserA"

and got the expected error:

uidalreadyexists

So basically the same @natt-tester obtained already.

Want to give it a try once more?

@syntrydy syntrydy closed this Sep 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment