Thanks for the issue, we will take it into consideration! Our team of engineers is busy working on many types of features, please give us time to get back to you.
Feature requests that require more discussion may be closed. Read more about our feature request process on forem.dev.
To our amazing contributors: issues labeled bug are always up for grabs, but for feature requests, please wait until we add a ready for dev before starting to work on it.
To claim an issue to work on, please leave a comment. If you've claimed the issue and need help, please ping @forem-team. The OSS Community Manager or the engineers on OSS rotation will follow up.
For full info on how to contribute, please check out our contributors guide.
djuber changed the title from "User's email length is too narrow" to "User creation fails when email longer than 50 characters" on Apr 27, 2022
Describe the bug
We validate users' email addresses to be at most 50 characters, and in some cases reject user creation when that limit is exceeded.
However, local parts of email addresses can be quite long, and domain name components can be up to 63 characters.
While this impacts users trying to set their own email address, and some signups, and in those cases the error message is actionable, invited users don't have an option to set an alternate email address when their password is saved, and oauth users see a login failure without with an explanation.
To Reproduce
As an example experiment, I tried to invite my hypothetical local pizza parlor owner Frank to my Forem, his email is frank.giuseppe@frankgiuseppesoriginalneapolitan.pizza (okay, totally contrived example of a valid but long-ish email, this is 53 characters long).
I'm able to invite him (via http://localhost:3000/admin/invitations), since validations are skipped when creating the stub user, but he's unable to set his password (since his user can't be saved in this state).
As a second experiment, add a long enough email alias (maybe "your.name+areallylongignoredbygooglesmailserverspart@gmail.com"?) and add this to an available oauth provider's account (twitter, for example), then attempt to sign up.
Expected behavior
We probably need to relax this email width requirement, or remove email addresses that fail validation.
If this validation and length limit are preserved, it should be checked before sending invites for users that would not be able to sign in afterward.
Screenshots
User invited
But can't set a password after accepting the invite
Sign in from twitter with long email example
Additional context
https://app.honeybadger.io/projects/66984/faults/82641164 this happens to twitter users sometimes, error is ActiveRecord::RecordInvalid: Validation failed: Email is too long (maximum is 50 characters) when calling Authentication::Authenticator#find_or_create_user! and attempting to save the (invalid) user record.
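A sketch of the pre-invite check suggested under "Expected behavior", as an added example that is not part of the issue and not Forem's code. It is plain Ruby; the method names `email_limit_report` and `invitable?` are hypothetical, the 50-character limit comes from the error message above, and the 64/63/254-octet limits are the RFC 5321 and DNS label limits.

```ruby
# Added example, not Forem code. Method names are hypothetical.
APP_EMAIL_MAX = 50   # application limit quoted in the issue's error message
RFC_LOCAL_MAX = 64   # RFC 5321: local part, in octets
RFC_LABEL_MAX = 63   # DNS label limit, the figure the issue cites
RFC_TOTAL_MAX = 254  # longest address usable in an SMTP path

# Report both views of an address: what the mail standards allow and
# what the application's length validation will accept.
def email_limit_report(email, app_max: APP_EMAIL_MAX)
  local, _at, domain = email.rpartition("@")
  labels = domain.split(".", -1)
  rfc_problems = []
  rfc_problems << "missing local part or domain" if local.empty? || domain.empty?
  rfc_problems << "local part over #{RFC_LOCAL_MAX} octets" if local.bytesize > RFC_LOCAL_MAX
  rfc_problems << "domain label over #{RFC_LABEL_MAX} octets" if labels.any? { |l| l.bytesize > RFC_LABEL_MAX }
  rfc_problems << "address over #{RFC_TOTAL_MAX} octets" if email.bytesize > RFC_TOTAL_MAX
  { length: email.length, rfc_problems: rfc_problems,
    passes_app_limit: email.length <= app_max }
end

# Gate for the invite path: refuse to create a stub user whose record
# could never be saved once the normal validations run.
def invitable?(email, app_max: APP_EMAIL_MAX)
  report = email_limit_report(email, app_max: app_max)
  report[:rfc_problems].empty? && report[:passes_app_limit]
end

if __FILE__ == $PROGRAM_NAME
  # Sample addresses: the two from the issue plus one constructed short one.
  [
    "frank.giuseppe@frankgiuseppesoriginalneapolitan.pizza",
    "your.name+areallylongignoredbygooglesmailserverspart@gmail.com",
    "frank@example.com"
  ].each do |email|
    r = email_limit_report(email)
    puts format("%-65s len=%-3d rfc_ok=%-5s invitable=%s",
                email, r[:length], r[:rfc_problems].empty?, invitable?(email))
  end
end
```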