New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a more helpful error to users of multiple providers #563

Merged
merged 2 commits into from Jun 22, 2018

Conversation

Projects
None yet
2 participants
@jeremycline
Copy link
Member

jeremycline commented Jun 19, 2018

If a user signs in with identity provider A and then signs in with
identity provider B and both providers have the same email for that
user, an IntegrityError happens when social_auth tries to make a new
user. Handle this and inform the user what provider they should use to
authenticate.

Ideally we could merge the accounts and let users auth with either one,
but this is more involved because not all providers confirm the email of
the user, so if a malicious user signs up with another user's email and
then it got merged, they could perform actions as the user.

Fixes #559

jeremycline added some commits Jun 19, 2018

Make is required to build the docs
We use the makefile from sphinx to build the docs so install it in the
Vagrant host.

Signed-off-by: Jeremy Cline <jcline@redhat.com>
Provide a more helpful error to users of multiple providers
If a user signs in with identity provider A and then signs in with
identity provider B and both providers have the same email for that
user, an IntegrityError happens when social_auth tries to make a new
user. Handle this and inform the user what provider they should use to
authenticate.

Ideally we could merge the accounts and let users auth with either one,
but this is more involved because not all providers confirm the email of
the user, so if a malicious user signs up with another user's email and
then it got merged, they could perform actions as the user.

Fixes #559

Signed-off-by: Jeremy Cline <jcline@redhat.com>

@jeremycline jeremycline merged commit 006b5bb into release-monitoring:master Jun 22, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@jeremycline jeremycline deleted the jeremycline:dont-explode-on-email-dupes branch Jun 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment