Public bug reported:
Hi,

One of our users complained about being rejected with 403 Unauthorized
when moderating a list he's an owner of.

We're using Ubuntu SSO for login purposes, and we noticed they had an
uppercase letter in their email in both the account_emailaddress and
auth_user tables. We asked them to add the lowercase version of their
email and remove the other one, but Mailman complained that the email
address is already attached to their account.

We then did some db surgery, updating their email to the lowercase
version in both tables, and it resolved their issue.

Authentication should probably do a case-insensitive check of the login
email against the auth database.

We're using mailman version: 3.1.1-9 Ubuntu package

On a side note: the email address was in both account_emailaddress and
auth_user. auth_user could also be updated so that it uses
account_emailaddress.id instead of having duplicate data.

Could you please let us know if there are other occurrences of email in
the schema, and if we should replicate our manual changes in some other
tables for our user?

Thank you!
Loïc
** Affects: mailman
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1952755
Title:
Permissions checks should be case-insensitive against login email
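The mismatch described in the report, and an audit an administrator could run before lowercasing addresses by hand, as an added example that is not part of the original report and is not Mailman code. The table names account_emailaddress and auth_user come from the report; the reduced column set, the sample rows, the owner roster and all function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; the two table names come from the report, the
# reduced column set and every row are assumptions for illustration.
SAMPLE_SQL = """
CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE account_emailaddress (id INTEGER PRIMARY KEY, email TEXT, user_id INTEGER);
INSERT INTO auth_user VALUES (1, 'Alice@example.org'), (2, 'bob@example.org');
INSERT INTO account_emailaddress VALUES
  (1, 'Alice@example.org', 1), (2, 'bob@example.org', 2),
  (3, 'Carol@example.org', 2), (4, 'carol@example.org', 2);
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn

def is_owner_exact(login_email, owner_emails):
    """Byte-for-byte match: a differently cased login is refused."""
    return login_email in owner_emails

def is_owner_normalized(login_email, owner_emails):
    """Lowercase both sides before comparing (hypothetical fix)."""
    return login_email.lower() in {o.lower() for o in owner_emails}

def audit_mixed_case(conn):
    """List (table, id, email, collides) for each address that is not all
    lowercase. collides=True means the lowercase form already exists in the
    same table, so a plain UPDATE to lowercase would create a duplicate."""
    findings = []
    for table in ("auth_user", "account_emailaddress"):  # fixed names only
        rows = conn.execute(f"SELECT id, email FROM {table} ORDER BY id").fetchall()
        present = {email for _, email in rows}
        for row_id, email in rows:
            if email != email.lower():
                findings.append((table, row_id, email, email.lower() in present))
    return findings

if __name__ == "__main__":
    owners = ["alice@example.org"]  # assumed: the roster holds the lowercase form
    print(is_owner_exact("Alice@example.org", owners))
    print(is_owner_normalized("Alice@example.org", owners))
    for finding in audit_mixed_case(build_sample_db()):
        print(finding)
```

Rows flagged with collides=True need merging rather than a plain UPDATE, since the lowercase address is already present in that table.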