LDAP login fails when username contains dots - Taiga strips special characters
-
Describe the bug
LDAP authentication fails when the LDAP username contains dots (e.g., john.doe). Taiga strips dots from usernames during user creation, storing johndoe instead of john.doe. On subsequent LDAP logins, the plugin looks up john.doe, doesn't find it, and tries to create a new user, which fails due to duplicate email constraint.
To Reproduce
1. User with LDAP uid john.doe and email john.doe@example.com logs in for the first time
2. Taiga creates user with username johndoe (dot stripped)
3. User logs in again via LDAP
4. Plugin searches for username john.doe - not found
5. Plugin tries to create new user - fails with duplicate email error
Error Log:
taiga.users.models.User.DoesNotExist: User matching query does not exist.
During handling of the above exception, another exception occurred:
django.db.utils.IntegrityError: duplicate key value violates unique constraint "users_user_email_243f6e77_uniq"

Proposed Fix

Option A: Normalize username before lookup (strip dots to match Taiga's behavior)

```python
from django.contrib.auth import get_user_model
from django.db import transaction


@transaction.atomic
def ldap_register(username: str, email: str, full_name: str):
    user_model = get_user_model()
    # Strip dots so the lookup matches the username Taiga stored
    normalized_username = username.replace('.', '')
    try:
        user = user_model.objects.get(username=normalized_username)
    except user_model.DoesNotExist:
        user = user_model.objects.create(
            email=email,
            username=normalized_username,
            full_name=full_name
        )
    return user
```

Option B: Lookup by email as fallback

```python
from django.contrib.auth import get_user_model
from django.db import transaction


@transaction.atomic
def ldap_register(username: str, email: str, full_name: str):
    user_model = get_user_model()
    try:
        user = user_model.objects.get(username=username)
    except user_model.DoesNotExist:
        # Fall back to the email address before creating a new user
        if email:
            try:
                user = user_model.objects.get(email=email)
                return user
            except user_model.DoesNotExist:
                pass
        user = user_model.objects.create(
            email=email,
            username=username,
            full_name=full_name
        )
    return user
```
-
N nebulon marked this topic as a question
-
N nebulon has marked this topic as solved
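
An added example, not part of the original post and not the plugin's or Taiga's own code: it models the users table in SQLite with both unique constraints, re-implements the two proposed options as plain functions, and adds a hypothetical helper `colliding_uids` that lists LDAP uids Option A would resolve to one local account. The sample uids are constructed.

```python
import sqlite3
from collections import defaultdict


def new_store():
    """In-memory stand-in for the users table, with both unique constraints."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " username TEXT UNIQUE, email TEXT UNIQUE)")
    return db


def _create(db, username, email):
    cur = db.execute("INSERT INTO users (username, email) VALUES (?, ?)",
                     (username, email))
    return cur.lastrowid


def option_a(db, username, email):
    """Option A from the post: strip dots, then get-or-create by username."""
    name = username.replace(".", "")
    row = db.execute("SELECT id FROM users WHERE username = ?", (name,)).fetchone()
    return row[0] if row else _create(db, name, email)


def option_b(db, username, email):
    """Option B from the post: exact username, then email, then create."""
    row = db.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    if row is None and email:
        row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else _create(db, username, email)


def colliding_uids(ldap_uids):
    """Group directory uids that Option A would map onto one local account."""
    groups = defaultdict(list)
    for uid in ldap_uids:
        groups[uid.replace(".", "")].append(uid)
    return {name: uids for name, uids in groups.items() if len(uids) > 1}


# Constructed sample directory uids (not from the post)
SAMPLE_UIDS = ["john.doe", "johndoe", "j.smith", "a.lee"]

if __name__ == "__main__":
    print(colliding_uids(SAMPLE_UIDS))
```

Running `colliding_uids` over an export of the directory's uid attribute before adopting Option A shows whether any two LDAP entries would share a Taiga account; with Option B the match depends on the directory's mail attribute, so that attribute has to be one users cannot edit themselves.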