Comments (5)
datamweb
commented on June 22, 2024
1
I thought about this a bit, we can add a prefix to username.
In addition, we can add a session or event so that if the user's login is OAuth, the user will be reminded to change his username(or any data) if needed.
I have pinned this topic, I will wait for a while, maybe we will get another feedback, otherwise we will proceed as I explained above.
from shield-oauth.
datamweb
commented on June 22, 2024
Hi @mullernato ,
Thank you very much for your report.
The process of checking the existence of a user in the database is done by looking up the email in the table. If the user with the desired email is in the table (provided that config(ShieldOAuthConfig::class)->syncingUserInfo is active), the information will be updated in the table every time user login, and if there is no user with the email, a new user will be registered.
It was expected that the username would be registered with some suffix to differentiate it from an existing user.
Your solution is good, but as long as the shield settings are for user login with email and password, if login is with username and password, the user cannot login because he/she does not know that an suffix has been automatically added to username. to be Unless it is assumed that we will not have login with username and password, which is definitely not a good assumption.
Do you have any other opinion with the above explanation? thoughts?
from shield-oauth.
mullernato
commented on June 22, 2024
Here in my system the user has 2 login/registration options:
- using email and password using Shield with only email and password. obs. Login with username is not allowed.
- using google auth with your ShieldOAuth script.
The Shield requires a username in the register, and in the database table it cannot be duplicated, even if it is irrelevant for use, so I thought of putting a suffix in case of duplicity, as the user will not use this username to login.
And also the user will be able to change it in a user settings panel in my use case.
from shield-oauth.
mullernato
commented on June 22, 2024
even though it's not my case but if two people register using google oauth or any other oauth and they have the same first name it will result in this username already exists error.
to my case I change the Library GoogleOAuth.php setColumnsName function to:
protected function setColumnsName(string $nameOfProcess, $userInfo): array
{
if ($nameOfProcess === 'syncingUserInfo') {
$usersColumnsName = [
$this->config->usersColumnsName['first_name'] => $userInfo->given_name,
$this->config->usersColumnsName['last_name'] => $userInfo->family_name,
$this->config->usersColumnsName['avatar'] => $userInfo->picture,
];
}
if ($nameOfProcess === 'newUser') {
$usersColumnsName = [
// users tbl // OAuth
'username' => $this->genUsername($userInfo->name),
'email' => $userInfo->email,
'password' => random_string('crypto', 32),
'active' => $userInfo->email_verified,
$this->config->usersColumnsName['first_name'] => $userInfo->given_name,
$this->config->usersColumnsName['last_name'] => $userInfo->family_name,
$this->config->usersColumnsName['avatar'] => $userInfo->picture,
];
}
return $usersColumnsName;
}
protected function genUsername($name) : string
{
// change all spaces, underscores, dots, dashes, etc. to a single underscore
// and make it lowercase
$name = preg_replace('/\s+/', '_', $name);
$name = preg_replace('/[^A-Za-z0-9\_]/', '', $name);
$name = strtolower($name);
//add 2 random numbers to the end of the username to prevent duplicates separate by underscore
$name = $name . '_' . rand(10, 99);
return 'g_'.$name;
}from shield-oauth.
datamweb
commented on June 22, 2024
@mullernato PR #58 solved this issue by replacing email for username. Check if you can.
from shield-oauth.
Related Issues (13)
- 92 : HTTP/2 stream 0 was not closed cleanly: Unknown error code (err 2) HOT 8
- Alow to configure shield-oauth inside a module HOT 3
- Microsoft OAuth Service HOT 1
- Bug: Error when syncingUserInfo
- Bug: [Register] Undefined property: stdClass::$family_name
- Bug: failure to display the CI debugging tools
- Dev: add code QC tools
- Dev: CLI `make:oauth` To quickly build other OAuth HOT 2
- Using email as auth identity is unreliable HOT 1
- Bug: error when run: php spark shield:model UserModel HOT 1
- 92 : HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2) HOT 3
- Bug: ShieldOAuthModel not initializing parent HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from shield-oauth.