-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Duplicate username error #33
Comments
Hi @mullernato , The process of checking the existence of a user in the database is done by looking up the email in the table. If the user with the desired email is in the table (provided that config(ShieldOAuthConfig::class)->syncingUserInfo is active), the information will be updated in the table every time user login, and if there is no user with the email, a new user will be registered.
Your solution is good, but as long as the shield settings are for user login with email and password, if login is with username and password, the user cannot login because he/she does not know that an suffix has been automatically added to username. to be Unless it is assumed that we will not have login with username and password, which is definitely not a good assumption. Do you have any other opinion with the above explanation? thoughts? |
Here in my system the user has 2 login/registration options:
The Shield requires a username in the register, and in the database table it cannot be duplicated, even if it is irrelevant for use, so I thought of putting a suffix in case of duplicity, as the user will not use this username to login. |
even though it's not my case but if two people register using google oauth or any other oauth and they have the same first name it will result in this username already exists error. to my case I change the Library GoogleOAuth.php setColumnsName function to: protected function setColumnsName(string $nameOfProcess, $userInfo): array
{
if ($nameOfProcess === 'syncingUserInfo') {
$usersColumnsName = [
$this->config->usersColumnsName['first_name'] => $userInfo->given_name,
$this->config->usersColumnsName['last_name'] => $userInfo->family_name,
$this->config->usersColumnsName['avatar'] => $userInfo->picture,
];
}
if ($nameOfProcess === 'newUser') {
$usersColumnsName = [
// users tbl // OAuth
'username' => $this->genUsername($userInfo->name),
'email' => $userInfo->email,
'password' => random_string('crypto', 32),
'active' => $userInfo->email_verified,
$this->config->usersColumnsName['first_name'] => $userInfo->given_name,
$this->config->usersColumnsName['last_name'] => $userInfo->family_name,
$this->config->usersColumnsName['avatar'] => $userInfo->picture,
];
}
return $usersColumnsName;
}
protected function genUsername($name) : string
{
// change all spaces, underscores, dots, dashes, etc. to a single underscore
// and make it lowercase
$name = preg_replace('/\s+/', '_', $name);
$name = preg_replace('/[^A-Za-z0-9\_]/', '', $name);
$name = strtolower($name);
//add 2 random numbers to the end of the username to prevent duplicates separate by underscore
$name = $name . '_' . rand(10, 99);
return 'g_'.$name;
} |
I thought about this a bit, we can add a prefix to username. In addition, we can add a session or event so that if the user's login is OAuth, the user will be reminded to change his username(or any data) if needed. I have pinned this topic, I will wait for a while, maybe we will get another feedback, otherwise we will proceed as I explained above. |
@mullernato PR #58 solved this issue by replacing email for username. Check if you can. |
PHP Version
8.2
CodeIgniter4 Version
4.3.3
Shield Version
latest dev
Shield OAuth Version?
dev-develop
Which operating systems have you tested for this bug?
Linux
Which server did you use?
fpm-fcgi
Database
Mariadb 10.6
Did you add customize OAuth?
No
What happened?
if there is another user with the same username, an error occurs when registering a new account with google login.
duplicate username error
Steps to Reproduce
Manually register a user using Shield with the first name of a test gmail user, eg John. Then log in with a test Gmail account whose user is named John. This will generate a duplicate username error.
Expected Output
It was expected that the username would be registered with some suffix to differentiate it from an existing user.
Anything else?
No response
The text was updated successfully, but these errors were encountered: