1095010 – cannot login using LDAP account if an existing account has the same e-mail address

Bug 1095010 - cannot login using LDAP account if an existing account has the same e-mail address

Summary: cannot login using LDAP account if an existing account has the same e-mail ad...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	web UI
Sub Component:
Version:	0.16
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	0.17
Assignee:	Dan Callaghan
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-06 23:05 UTC by Dan Callaghan
Modified:	2018-02-06 00:41 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-06-10 23:27:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dan Callaghan 2014-05-06 23:05:26 UTC

Version-Release number of selected component (if applicable):
0.16

How reproducible:
always

Steps to Reproduce:
1. Configure Beaker's LDAP integration
2. Create a Beaker account with your e-mail address from LDAP but a different username
3. Log in using your LDAP account

Actual results:
500 response:

Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python2.6/site-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python2.6/site-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python2.6/site-packages/flask/app.py", line 1473, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/lib/python2.6/site-packages/flask/app.py", line 1666, in preprocess_request
    rv = func()
  File "/usr/lib/python2.6/site-packages/bkr/server/identity.py", line 83, in check_authentication
    user = User.by_user_name(user_name.decode('utf8'))
  File "/usr/lib/python2.6/site-packages/bkr/server/model/identity.py", line 180, in by_user_name
    session.flush()
  [...]
IntegrityError: (IntegrityError) (1062, "Duplicate entry 'luliu' for key 'email_address'") 'INSERT INTO tg_user (user_name, email_address, display_name, password, root_password, rootpw_changed, created, disabled, removed) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)' ('luliu', 'luliu', 'Lu Liu', None, None, None, datetime.datetime(2014, 5, 6, 8, 51, 33, 615050), 0, None)

Expected results:
Login should succeed and a user account should be created based on LDAP info.

Additional info:
I think we should just remove the constraint forcing e-mail addresses to be unique. From digging in git it seems we inherited it from TurboGears. Beaker itself never actually looks up people by e-mail address so I don't see any reason why Beaker should care if they are unique.

Removing the unique constraint would also save us a lot of drama in the web UI, which goes to great lengths to validate the uniqueness of e-mail addresses.

Comment 2 Dan Callaghan 2014-05-07 06:29:30 UTC

On Gerrit: http://gerrit.beaker-project.org/3066

Comment 5 Dan Callaghan 2014-06-10 23:27:56 UTC

Beaker 0.17.0 has been released.

Note You need to log in before you can comment on or make changes to this bug.