Logging into a placeholder person OOPSes if email address already on another person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
Critical
|
Unassigned |
Bug Description
Logging into Launchpad for the first time with a new SSO account can crash like OOPS-2652a3a7880bdf5d99969a6bb2df088e if the SSO account has a username set and the SSO preferred email address is already associated with another Launchpad person (eg. an account automatically created by a package upload, or an account that has been deactivated and its corresponding SSO account deleted).
1) An LP person A is created with the user's email address.
2) User creates SSO account with that email address
3) User sets their SSO username, which creates an LP person B with AccountStatus.
4) User tries to log into LP. getOrCreateByOp
If A is an unactivated autocreated person, an admin can use https:/
If A isn't unactivated and autocreated, more discretion is required.
Changed in launchpad: | |
status: | Triaged → New |
status: | New → Confirmed |
status: | Confirmed → New |
information type: | Public → Private Security |
summary: |
- Logging into a placeholder person OOPSes if email address already on - another person + Logging into flecken |
Changed in launchpad: | |
assignee: | nobody → flecken (devil6) |
information type: | Private Security → Public |
summary: |
- Logging into flecken + Logging into a placeholder person OOPSes if email address already on + another person |
Changed in launchpad: | |
assignee: | flecken (devil6) → nobody |
status: | New → Triaged |
To resolve the common case of an autocreated Unactivated A, we could have getOrCreateOpen IDIdentifier rename B account away, rename A into its place, transfer the OpenID identifier across, request a B -> A merge, then activate and log into A.
Other cases are probably rare enough that they can be handled manually; we should reject the login like we do in the team email address case. If A is active then the user can work around it by using their other SSO account, and a manual B -> A merge will unbreak things.
If A is deactivated, we probably don't want to reactivate it; we might want to have a way for an admin to erase the email addresses and OpenID identifiers from a deactivated account to give a user a fresh start, or just use the classic merge to lp-void approach.