SSO Authentication Issue with differently cased emails


#1

Today, I had a case of a member that would be redirected to the “confirm your email address” page every time they signed in to Discourse. They are able to sign in to other assets that use our authentication method just fine.

After some digging, we found that the email address stored in Discourse and on our authentication server had capital letters which they don’t actually type when signing in to anything. I had the member change their ID to lowercase and now they can sign in to Discourse without a problem.

I asked my authentication dude if I should send a ticket to him and he recommended I notify you guys as this “seems like a Discourse issue.”


(Jeff Atwood) #2

Hmm did we regress here @LeoMcA ? Make sure your code is case independent for many-to-one emails to users.


(Alan Tan) #4

@LeoMcA added a unique index so we’re safe on this front.


(Alan Tan) #5

@Martin_Cash There were some regressions we introduced when introducing multiple email addresses per user support. Usually all emails are downcased before being saved into the database, but our code was incorrectly skipping validations. This should be resolved in

but do let me know if you run into this again.
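
A small model of the failure described in #5, added here as an illustration; it is not part of the thread and not Discourse's code. The `EmailStore` class, its method names and the sample address are hypothetical, and an in-memory hash stands in for the email table and its unique index.

```ruby
# Constructed model (not Discourse code): emails are normalised on the normal
# write path, but a write path that skips validation stores them verbatim.
class EmailStore
  class Duplicate < StandardError; end

  def initialize
    @rows = {} # stored email => user id; the hash key acts as a unique index
  end

  # Normal write path: normalise first, then enforce uniqueness.
  def save(user_id, email)
    key = normalize(email)
    raise Duplicate, key if @rows.key?(key) && @rows[key] != user_id
    @rows[key] = user_id
  end

  # Hypothetical buggy path: validation skipped, address stored as supplied.
  def save_skipping_validation(user_id, email)
    @rows[email] = user_id
  end

  # SSO lookup: the incoming address is normalised before matching.
  def find_by_sso_email(email)
    @rows[normalize(email)]
  end

  # Audit: stored addresses that are not in normalised form.
  def unnormalized
    @rows.keys.reject { |e| e == normalize(e) }
  end

  # Repair: rewrite unnormalised rows, refusing to merge two accounts.
  def repair!
    unnormalized.each do |e|
      key = normalize(e)
      raise Duplicate, key if @rows.key?(key) && @rows[key] != @rows[e]
      @rows[key] = @rows.delete(e)
    end
  end

  private

  def normalize(email)
    email.strip.downcase
  end
end
```

The audit step is the part worth running against real data after such a regression: any row it returns is an account whose SSO lookup will miss until the stored address is rewritten.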


(Jeff Atwood) #6