Custom OAuth2 fails for newly created accounts, related to user_emails?

meriksson · 2017-09-05 16:01:06 UTC

I have a custom SSO solution and when I get a new member I manually create a Discourse user for them with the same email as they have set themselves in the other system. For this I use a simple piece of code which runs User.create! and sets a few settings. This has worked perfectly a few hundred times since I began doing it earlier this year. But since about a week it does not work anymore, all new users since then have reported that they are unable to login to Discourse.

Today I finally figured out that the issue is probably due to the email addresses not being set properly. When I inspect the most recently created users, their emails are nil. However, strangely enough their emails are visible from the Discourse admin interface (this made the issue hard to identify—since I could see the email addresses from the GUI, I assumed that they were saved correctly).

When I try to set their email addresses manually (user.email = "..."; user.save), at first looks as if it works, but the user object still has the email attribute set to nil.

Could this possibly have to do with email verification or some such? Has something new along those lines been introduced or modified recently?

In any case, I need a way to create new accounts which also sets email addresses. What is the best way of doing this?

jomaxro · 2017-09-05 16:40:36 UTC

user.email has been deprecated. I believe @sam had point on the deprecation/removal, but he’s now on vacation. If I’m not mistaken, the email field has been moved to the user_emails table.

meriksson · 2017-09-05 16:52:45 UTC

Thanks for the pointer!

I checked and the email addresses are available through user_emails. However, my problem still remains.

Could this change (from email to user_emails) be the reason why SSO login fails for me? I use the Custom OAuth2 option.

LeoMcA · 2017-09-05 19:16:43 UTC

I wrote most of the code, @tgxworld fixed most of the things I broke, and @sam was our guardian angel.

This PR should fix your problem:

meriksson · 2017-09-05 21:13:18 UTC

@LeoMcA—Thanks a lot for looking at this right away and providing a fix!

Judging from the code, this should indeed solve the problem.

However, I do not know how to apply this patch before it gets merged into master and I get it the normal way. Anyone have a pointer for me regarding this?

nixie · 2017-09-05 21:19:50 UTC

@meriksson
I think you will have to just manually update it be going to this URL:
site.com/admin/upgrade

LeoMcA · 2017-09-05 21:38:16 UTC

You can pull from my fork instead of the official repo:

In your app.yml replace this line:

- git clone https://github.com/discourse/discourse-oauth2-basic.git

With:

- git clone https://github.com/LeoMcA/discourse-oauth2-basic.git

And then rebuild your container with:

./launcher rebuild app

Once the fix is merged into the official plugin, you should revert back to pulling from it in your app.yml and rebuild again.

meriksson · 2017-09-05 22:50:37 UTC

Thanks a lot! That worked perfectly for me, SSO login works for newly created accounts.

LeoMcA · 2017-09-07 11:33:59 UTC

@meriksson my fix was just merged into the official plugin, so you’ll want to revert back to using that to receive updates in future.