You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently email like usernames are disallowed via the Validation logic set in the backend: https://github.com/learningequality/kolibri/blob/release-v0.16.x/kolibri/core/auth/models.py#L367 this precludes the generation of FacilityUsers with email like usernames, unless created directly through the ORM (without doing a full_clean of the model prior to save), and also prevents their syncing, as Morango does a full_clean of the model during the deserialization process.
Expected behavior
There are certain circumstances where this is desirable - the main one being for use with the oidc-client-plugin, where the system being used for Open ID verification is using emails as the usernames.
Observed behavior
Currently email like usernames are disallowed via the Validation logic set in the backend: https://github.com/learningequality/kolibri/blob/release-v0.16.x/kolibri/core/auth/models.py#L367 this precludes the generation of FacilityUsers with email like usernames, unless created directly through the ORM (without doing a full_clean of the model prior to save), and also prevents their syncing, as Morango does a full_clean of the model during the deserialization process.
Expected behavior
There are certain circumstances where this is desirable - the main one being for use with the oidc-client-plugin, where the system being used for Open ID verification is using emails as the usernames.
To achieve this, but not cause a drastic change and a slew of non-backwards syncable FacilityUser accounts, we should move the username validation regex out of the model definition, and into the FacilityUserSerializer: https://github.com/learningequality/kolibri/blob/release-v0.16.x/kolibri/core/auth/serializers.py#L79
This will allow the OIDC client plugin to create these usernames, as it uses the
create_user
method of the FacilityUser manager class: https://github.com/learningequality/kolibri-oidc-client-plugin/blob/master/kolibri_oidc_client_plugin/auth.py#L83The one side effect here is that users of this type will also be able to be created via the command line using management commands.
User-facing consequences
Difficulty integrating with systems where email is the primary username.
The text was updated successfully, but these errors were encountered: