Update Email Action does not properly update username if username=email is active #16679
Closed
2 tasks done
Labels
area/authentication
Indicates an issue on Authentication area
kind/bug
Categorizes a PR related to a bug
Milestone
Before reporting an issue
Area
user-profile
Describe the bug
When a realm has the username=email flag active, and a user has to complete the update-email action, their username is not updated.
The user is then able to log in with both their old email as well as their new email.
Whether or not the realm has the "Verify Email" flag active does not impact this behaviour.
Version
20.0.3
Expected behavior
The user's username should also be set to their newly set email address.
Actual behavior
The user's username remains as the old email, which allows them to still log in with the old email, as well as disallowing new users to be created with that email address.
How to Reproduce?
2.1 Enable Email as username
2.2 Enable Login with email
2.3 Enable Edit username
2.4 Enable the Update Email Required Action
3.1 Set a password for the user
3.2 Set the "update email" action for the user
Anything else?
In the admin console, it is now visible that the user has their old email as a username, but the new email as an email. When the user is then saved (for example by going to the Attributes Tab, and pressing "Save" without changing any attributes), the user's username will actually be overwritten by the newly set email.
The text was updated successfully, but these errors were encountered: