Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
None
-
None
Description
When using a custom authenticator, Fisheye will
1. query the database for a user with the entered username
2. if none is found, it will query the custom authenticator
3. if the custom authenticator returns an authtoken, it will create a user in the database based on the username in the authtoken. (NOT the entered username)
This is a problem if the username returned by the authenticator is different to the username entered. On next login, this will happen:
1. database will be queried for entered username
2. authenticator will be queried
3. will attempt to create user again, but will fail and blow up because user already exists.
Ideally we should check if the user with the username returned by the authenticator exists before trying to create it again.