Allow plugin to define existing email strategy

authentication
sonarqube

(Bart Devriendt) #1

We are using the Crowd plugin for authenticating users. When a new user logs in, the user automatically gets created. The problem is that when a new user (read: username) logs in with an e-mail address that is not unique, the user is not created and authentication fails. In our organisation a person can have multiple user accounts with the same e-mail address attached to them (for example a personal user and a technical/functional user or an admin user). It would be great if a SecurityRealm allowed providing the strategy for duplicate email addresses (and even allowed duplicate email addresses to exist in the db), instead of hardcoding it in the RealmAuthenticator class.


(G Ann Campbell) #2

Hi,

I think this is what you’re looking for:

https://jira.sonarsource.com/browse/SONAR-10652

It’s fixed in 7.2.

Ann


(Bart Devriendt) #3

Hi,

We are currently on v6.7.2, but I evaluated the latest code published on GitHub and I deduced from there that it seems impossible to use 2 accounts with the same e-mail address in a non-OAuth scenario. The reason for that is the hardcoded FORBID option on the email strategy. The debug logging clearly says “email … already in use” when a new user wants to log in. There is no exception like the one mentioned in SONAR-10652.

Bart


(Julien Lancelot) #4

Hi,

Indeed, as Crowd is using the SecurityRealm API (same as LDAP), it’s not possible to have multiple accounts with the same email.
With OAuth2, we’ve introduced a feature that allows a user to “steal” the email from another account (supposing it’s the same person, as he’s using the same email), but nothing has been done for SecurityRealm.

To give more context, it’s not possible for the moment in SonarQube to have the same email for multiple accounts, because for the issue auto-assign feature we need to find one user having the email from SCM.
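To make the three behaviours discussed in this thread concrete, here is an added example (a hypothetical in-memory model, not SonarQube’s own code): a FORBID strategy like the SecurityRealm path, a STEAL strategy like the OAuth2 path, and the DUPLICATE strategy the original post asks for, together with the email-based lookup that issue auto-assignment depends on. The class and method names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class EmailStrategy(Enum):
    FORBID = "forbid"        # SecurityRealm path in the thread: login is rejected
    STEAL = "steal"          # OAuth2 path: the new account takes the email over
    DUPLICATE = "duplicate"  # what the original post asks for: both keep it


@dataclass
class User:
    login: str
    email: Optional[str]


class DuplicateEmailError(Exception):
    """Raised under FORBID when another account already owns the email."""


class UserStore:
    """Hypothetical in-memory model of user creation at first login."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def users_by_email(self, email: str) -> List[User]:
        return [u for u in self.users.values() if u.email == email]

    def register(self, login: str, email: str, strategy: EmailStrategy) -> User:
        # Accounts other than the one logging in that already carry this email.
        others = [u for u in self.users_by_email(email) if u.login != login]
        if others and strategy is EmailStrategy.FORBID:
            raise DuplicateEmailError(f"email {email} already in use by {others[0].login}")
        if others and strategy is EmailStrategy.STEAL:
            for u in others:  # the older account(s) lose the email
                u.email = None
        self.users[login] = User(login, email)
        return self.users[login]

    def auto_assignee(self, scm_email: str) -> Optional[str]:
        """Issue auto-assignment: map the SCM author email to exactly one login.

        With DUPLICATE the lookup becomes ambiguous and no assignee is chosen,
        which is the constraint the last post describes.
        """
        matches = self.users_by_email(scm_email)
        return matches[0].login if len(matches) == 1 else None
```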
