Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changing your user name produces an error and logs you out #2394

Closed
davidread opened this issue Apr 14, 2015 · 5 comments

Comments

Projects
None yet
4 participants
@davidread
Copy link
Contributor

commented Apr 14, 2015

If you edit your user and change your user name, it says "Profile updated" (which is good - it worked) and "Unauthorized to edit a user" and you are now logged out.

All the other user fields work ok.

@davidread

This comment has been minimized.

Copy link
Contributor Author

commented Apr 14, 2015

BTW there is a test for this in #2393 with the name field commented out

@amercader

This comment has been minimized.

Copy link
Member

commented Apr 21, 2015

@davidread do you have time to have a look at investigate a bit more what might be happening? cheers

@davidread

This comment has been minimized.

Copy link
Contributor Author

commented Apr 21, 2015

I've got a bit of a backlog, and we don't use this feature in DGU, so I'd rather not, unless it can wait a couple of weeks

@amercader amercader self-assigned this Apr 23, 2015

@nateprewitt

This comment has been minimized.

Copy link
Contributor

commented Apr 23, 2015

So I believe I've tracked this down to the BaseController, which is superseding the redirect_to call in _save_edit. The comment in there says the user needs to be forced to logout when they update their name (I'm not sure if this is correct) which is what is causing the issue.

I think this is redirecting back to the /user/edit/ page after performing the logout function which is what is generating the 401 error and then forcing the user to the login page since they're currently unauthenticated.

As for a fix, I'm not sure what the best way to approach this is, but I can probably dig around this week and see what I come up with.

@davidread

This comment has been minimized.

Copy link
Contributor Author

commented Apr 24, 2015

Good spot finding the relevant code.

The authtkt cookie contains the user's name, so when you change your user.name in the database, then the cookie is out of date. Then when it gets to that code in BaseController you referenced, it finds that user name isn't in the database and therefore the best thing is to log you out. (The cookie's user name is read by the AuthKit middleware and that sets request.environ['REMOTE_USER'].)

The best solution would be to tell authtkt to change the cookie to have the new username.
Failing that, CKAN could just warn the user that they will have to log-in again if they change their username.

Psykar added a commit to Psykar/ckan that referenced this issue May 19, 2016

@Psykar Psykar referenced this issue May 19, 2016

Merged

[#2394] Fix user log out on username change #3030

2 of 5 tasks complete

Psykar added a commit to Psykar/ckan that referenced this issue May 19, 2016

Psykar added a commit to Psykar/ckan that referenced this issue May 19, 2016

amercader added a commit that referenced this issue Aug 26, 2016

Fix user log out on username change
Fixes #2394

Conflicts:
	ckan/tests/controllers/test_user.py

amercader added a commit that referenced this issue Aug 26, 2016

Fix user log out on username change
Fixes #2394

Conflicts:
	ckan/tests/controllers/test_user.py

amercader added a commit that referenced this issue Aug 26, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.