WP Discourse + missing SSO records

This is probably a question for @simon — I’m having some confusion with missing SSO records, and username issue, for some of our users synced from our WordPress site with WP Discourse.

Somehow we’ve ended up with a bunch of Discourse users with missing SSO records — something like 200+ out of roughly 1500 total users. SSO via WordPress is the ONLY sign-on method we have for Discourse, so seems something has gone wrong.

I suspect this may have something to do with a bulk group import I made.

A little while back I added all our paying subscribers (WordPress users) to a specific group in Discourse, looping through them using the WP Discourse method ‘add_user_to_discourse_group’.

My assumption would be if they didn’t already have an active Discourse account, this would create one linked to their WP account as normal — perhaps that’s not the case? Could this have created Discourse users missing SSO records?

One thing that may be related, and also seems like it could be a bug of some sort — I notice many users with “2” appended to their username in Discourse.

That is, their username in WP is ‘name’ but their username in Discourse somehow got created as ‘name2’. When I search for user ‘name’ in Discourse I don’t see both ‘name’ and ‘name2’ so as far as I can tell it doesn’t seem to be a question of accidental duplicate users, though possible there’s some hidden duplicate logic accidentally triggered on the aforementioned import for whatever reason…

Anyway these users with the extra ‘2’ on their usernames seem to also be among the ones missing SSO records, making me think it’s somehow related.

One other thing, of the ~230 users missing SSO data, I’m seeing ~20 with Discourse status ‘active’ — not even sure how that’s possible, as again, I believe the only way they can log in is via WordPress. (Almost none have posted at all, so seems like it would be safe enough to change their usernames to be the same as the ones in WP…)

Appreciate any thoughts on this. Not urgent (haven’t yet noticed anyone complaining about not being able to log in or anything) but I would like to have correct user data for all our WP users. Would there be some safe way, WP Discourse method or otherwise, to force re-sync SSO records for all users? Thanks!

Yes, it will have to do with having created the users through the add_user_to_discourse_group function. Assuming that everything is working correctly, the users who were created in that way who have not yet logged into Discourse will not yet have SSO records. When they login to Discourse, SSO records will be created for them.

The ‘2’ being appended to the username should only happen if Discourse returns an error saying that the username is already taken when an attempt is made to add a user to Discourse.

The active status should be applied to users who have validated their email addresses on WordPress. It would also be applied to any users who were created before you first installed the WP Discourse plugin.

There are issues with the way this function is working when it’s applied to a lot of users at the same time. I’m going to change all of the functions in the WP Discourse plugin that are creating users through the API so that they use the Discourse sync_sso route instead of making API calls. This will be in the next update to the plugin.

4 Likes

Got it, thanks Simon. So that answers part of my question! Do you have any suggestions for getting to the root of why the ‘2’ appended to usernames might be happening here.

I have a bunch of these, where name = 'string' and username = 'string2'

But when I run:

SELECT *
FROM users u
WHERE username like '%string%'

Only one result comes back, the one where username is string2. So I don’t know where the conflicting usernames would come in. Could they have been somehow temporarily created then deleted? Or some other reason the ‘2’ might be appended.

Also, can you think of why some of these users could be active and have visits / posts read, but still no SSO data? Maybe from initial visit from confirmation email not requiring the SSO login or something like that?

The short answer is that the function wasn’t handling 429 Too Many Request errors properly. I’m sorry for the trouble with this.

If you need a hand fixing the usernames, I can give you a script to clean them up.

From what I understand, users who were created through the add_user_to_discourse_group function shouldn’t have any trouble logging into your forum with SSO. When they do login, they will have an SSO record associated with them. SSO records are associated with existing users through the email address, not the username, so the number appended to the name won’t cause a problem.

The way this function works, and all other functions that are syncing WordPress/Discourse users for sites using SSO will be completely changed in the next update. I’ll try to have that out on Friday. I realize that doesn’t solve your problem. Thanks for letting me know about this.

2 Likes

Thanks for the update Simon, sounds good! Yeah I remember running into the rate limiting with this before I realized those limits existed, I subsequently spaced out the requests and it worked from that point forward but too late in this particular case :slight_smile:

Sure if you have a username fixer script handy I’d be glad to give that a try. Sounds like the username thing won’t have much material impact but I may as well try fixing them now while they mostly haven’t been active yet, try to eliminate any potential source of confusion.

Will stay tuned for the next WP Discourse update!