Improvements to User Management #2838

Closed
mbellotti opened this issue Jan 17, 2016 · 18 comments

@mbellotti
Contributor

There are a couple things that bother me about the way CKAN handles Users. Emails are not validated and multiple accounts can be registered under one email. This encourages spam attacks. It also makes logging in by email impossible.

On HDX we rewrote a lot of the user backend to fix this problem and also to add the ability to extend users with extras the same way one might with groups or datasets. Would definitely be interested in taking that work and rolling it into CKAN core.

Thoughts?

@rossjones
Contributor

I'd be keen to see this and user-extras in CKAN core, although it might involve some care that we don't lock out users in existing installations.

@rossjones rossjones self-assigned this Jan 19, 2016
@rossjones
Contributor

Sorry for the delay getting back, entirely my fault.

This was discussed at the meeting and all thought it may be best to split these into two, solely to avoid potential problems with existing instances that don't have the single email restriction.

We thought it would be great to get email validation and single-email restriction into CKAN as a core-extension, which is a normal plugin that is distributed with CKAN at https://github.com/ckan/ckan/tree/master/ckanext - that way it is simple to activate and won't cause problems for those that have existing duplicate emails, they can migrate and activate when ready. Particularly if it were possible to activate them independently.

The user-extras, all believed, would be easier to implement, and much more appropriate as a core part of CKAN. Presumably it'd also need an IUserForm interface in the same way that they exist for datasets.

Does that seem like a good approach?
If you're happy with that, is there anything you might need to help you get started with it?

I'd also suggest it would make sense to start the PR early, so that it's easier for others to spot potential issues early and save you some time, hopefully, in the long run. Marking it as WIP will mean that it doesn't get merged prematurely.

@mbellotti
Contributor Author

How far along is the IAuthenticator Interface now? It is currently still listed as "experimental" in the docs and this made it pretty difficult to design these changes as an extension. It ended up being easier to add a little code in the core to allow login via email: https://github.com/OCHA-DAP/hdx-ckan/blob/65fb4f74bda4eed21fc8070b1e30493902cdcf07/ckan/lib/authenticator.py#L22

@rossjones
Contributor

I doubt there would be objections to login-by-email, as long as the validation of re-used email addresses and validating emails was in the extension (presumably in the logic layer and a controller for the validation url). So putting login-by-email into core with user-extras should be fine.

@mbellotti
Contributor Author

Okay. I got a good idea of how I want to start this. One housekeeping question though, should the branch be based off master or some specific release branch?

@rossjones
Contributor

Master would be best.

@tsufz

tsufz commented Mar 1, 2016

Is there a good reason why a user is not deleted from an organisation if the user is deleted from the system? In my opinion, the users should be deleted recursively in order to avoid zombie user entries. I use ckan 2.4.

@amercader
Member

@tsufz If that's the case that sounds like a bug. Could you create a new issue for this?

@tsufz

tsufz commented Mar 1, 2016

Well, I try to repeat the case in fresh installations of 2.4 and 2.5 and
open the issue if reproducible.


@mevey

mevey commented Sep 30, 2016

Hey @rossjones. Was this user email verification issue addressed?

@rossjones
Contributor

@mevey not as far as I'm aware - at least I didn't see a PR.

@tsufz

tsufz commented Oct 4, 2016

Sorry, I neither created an issue nor checked the versions as promised because of other duties...

@tsufz

tsufz commented Oct 4, 2016

Hi, I created issue #3265.

@kmbn
Contributor

kmbn commented Jan 22, 2019

We decided to close old issues that are not actively worked on so that we can focus our effort and attention on issues affecting the current versions of CKAN.

If this issue is still affecting the version of CKAN you're working with now, please feel free to comment or reopen the issue.

If you do reopen this issue, please update it with new details. One reason it might not have been resolved in the past is that it wasn't clear how a contributor could address the issue.

@kmbn kmbn closed this as completed Jan 22, 2019
@MandanaMoshref

Is there any update for this task/idea?

@mutantsan
Contributor

If validating email uniqueness is a good idea, I would like to work on it.

@MandanaMoshref

> If validating email uniqueness is a good idea, I would like to work on it.

For me personally there are a couple of things which are important:

  1. For new registration:
    a. confirmation email
    b. unique email validation

I have already sent an email to ckan-dev group and stated exactly what I am looking for:
https://lists.okfn.org/pipermail/ckan-dev/2019-November/023331.html

I have seen a couple of closed issues but no solutions....

mutantsan pushed a commit to mutantsan/ckan that referenced this issue Nov 26, 2019
Currently there is no email validation for uniqueness, so it's possible
to create multiple accounts with the same email. Because of this,
there is no way to login via email and it's also a spam vulnerability.

This PR provides the is_email_unique validator so there is no way
to create two or more users with the same email. Also, you can't
change your email to an already existing one.
mutantsan pushed a commit to mutantsan/ckan that referenced this issue Nov 26, 2019
At the moment, there is no validation for the uniqueness of the email,
which does not allow us to use login via email.
It can also be a vulnerability to spam attacks.

This change implements the is_email_unique validator, which prevents
the creation of two or more users with the same email.
@mutantsan
Contributor

Hey, I've created a PR #5100 with an implementation of email uniqueness validation.
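
Added illustration of the uniqueness check discussed in this thread (not CKAN's code and not the code from PR #5100). It goes slightly beyond the thread by also auditing an existing installation for duplicate addresses before enforcement is switched on. The `users` table, the case-insensitive comparison and all function names are assumptions; the sample rows are constructed.

```python
import sqlite3

def sample_db():
    # Constructed sample data: two accounts share one address (case/whitespace differ).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.org"),
        (2, "alice2", "Alice@Example.org "),
        (3, "bob", "bob@example.org"),
    ])
    return conn

def normalize(email):
    # Assumption: addresses are compared case-insensitively after trimming.
    return email.strip().lower()

def duplicate_emails(conn):
    """Audit for an existing installation: addresses held by more than one account."""
    rows = conn.execute(
        "SELECT lower(trim(email)) AS e, group_concat(name, ',') FROM users "
        "WHERE email IS NOT NULL AND trim(email) != '' "
        "GROUP BY e HAVING count(*) > 1 ORDER BY e"
    ).fetchall()
    return {e: sorted(names.split(",")) for e, names in rows}

def is_email_unique(conn, email, user_id=None):
    """True if no *other* account holds this address.

    user_id is the account being edited, so saving a profile with an
    unchanged email passes while switching to someone else's email fails.
    """
    row = conn.execute(
        "SELECT 1 FROM users WHERE lower(trim(email)) = ? AND id IS NOT ? LIMIT 1",
        (normalize(email), user_id),
    ).fetchone()
    return row is None

def add_unique_index(conn):
    """Enforce uniqueness in the database as well, which closes the gap between
    the validator's check and the insert. Returns False while duplicates remain."""
    try:
        conn.execute("CREATE UNIQUE INDEX ux_users_email ON users (lower(trim(email)))")
        return True
    except sqlite3.IntegrityError:
        return False
```
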

amercader added a commit that referenced this issue Jan 27, 2020