• GitHub
  • Documentation
  • Discord
  • Donate
search
  • chevron_right Threads
  • label Feedback
  • label Bugs Bug reports

Issues with referencing users - login using oath?

tetricky
May 25, 2023
chat_bubble_outline 6
  • link
    tetricky
    Members 159 posts
    May 25, 2023, 11:24 a.m. May 25, 2023, 11:24 a.m.
    link

    I have discovered an issue with handling users logged in with oath.

    My oauth log in has an ldap backend. The user details are defined by username, email, displayname.

    It is the display name that is displayed in misago as the username. The display name can be "Firstname Lastname". Misago interprets this as "Firstname_Lastname".

    If I go to try to initiate a private message with such a user the "start thread" button remains greyed out. I cannot add such a user to an existing private discussion. I also cannot successfully refer to such a user using @username. Yet the user exists in the site displayed as "Firstname_Lastname"

  • link
    rafalp
    Project Lead 1976 posts
    May 25, 2023, 11:34 a.m. May 25, 2023, 11:34 a.m.
    link

    Interim fix would be changing Misago username handling logic to support underscore we are including in names from OAuth.

    Long term Misago should be updated to support separate „display name”.

  • link
    tetricky
    Members 159 posts
    May 26, 2023, 12:15 p.m. May 26, 2023, 12:15 p.m.
    link

    As an aside to this, what would happen in misago if a user changed their displayname in the ldap database backing the oauth to be the same as a user with the same displayname?

    I can mitigate against this by making change of displayname an admin function, but I would prefer to allow users to be able to change their displayname. But I envisage problems.

  • link
    rafalp
    Project Lead 1976 posts
    May 26, 2023, 12:36 p.m. May 26, 2023, 12:36 p.m.
    link

    AFAIR Misago has collision detection and would append extra unique string at the end of username.

  • link
    tetricky
    Members 159 posts
    May 26, 2023, 10:39 p.m. May 26, 2023, 10:39 p.m.
    link

    Yes. This is tested as working and does prevent a possible spoofing behaviour of malicious users.

  • link
    rafalp
    Project Lead 1976 posts
    May 28, 2023, 12:57 p.m. May 28, 2023, 12:57 p.m.
    link

    Roadmap item: github.com/rafalp/Misago/issues/1623
    PR: github.com/rafalp/Misago/pull/1625

  • link
    tetricky
    Members 159 posts
    May 29, 2023, 12:05 a.m. May 29, 2023, 12:05 a.m.
    link

    I've lightly tested this, and it seems to have solved the issue. I can now invite users with an underscore to private messages.

    Thank you very much. Excellent work.

arrow_upward Go to top
  • This site uses cookies to gather statistical data for use in traffic analysis.
  • GitHub
  • Documentation
  • Discord
  • Donate
  • Terms of service
  • Privacy policy
powered by misago