[AAA-51] AAA does not enforce domain-unique user names Created: 20/Jul/15 Updated: 21/Mar/19 Resolved: 17/May/16 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Ryan Goulding | Assignee: | Ryan Goulding |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 4022 |
| Description |
|
Currently, duplicate user names can be created. However, authentication code leverages getUser() which implies user name uniqueness. User names should be unique. |
| Comments |
| Comment by Ryan Goulding [ 20/Jul/15 ] |
|
Further information: In IdmLightProxy.dbAuthenticate() there is an invocation of getUsers(username). The first user returned is the only one that is ever checked. This implies that username should be unique. A unique username is also helpful for audit trail functionality which will be added later. |
| Comment by Ryan Goulding [ 20/Jul/15 ] |
| Comment by Ryan Goulding [ 22/Jul/15 ] |
|
It was decided to make users unique within the scope of a domain. I.e., there can be two users named ryan, but only one ryan@sdn. ryan@sdn and ryan@coke do not have to refer to the same user. |
| Comment by Ryan Goulding [ 18/Dec/15 ] |
|
This is still an issue. It should be fixed either in the UserStore or in the UserHandler. |
| Comment by Ryan Goulding [ 17/May/16 ] |
|
This is fixed; a 500 internal server error will occur. |
| Comment by Ryan Goulding [ 17/May/16 ] |
|
This is fixed; a 500 internal server error will occur. |