Public bug reported:
Hi,
One of our users complained being rejected with 403 Unauthorized when moderating a list he's an owner of.
We're using Ubuntu SSO for login purposes, and we noticed they had an uppercase letter in their email in both account_emailaddress and auth_user tables. We asked them to add the lowercase version of their email and remove the other one, but mailman complained email address is already attached to their account.
We then did some db surgery, updating their email to the lowercase version in both tables, and it resolved their issue.
Authentication should probably do a case-insensitive check of login email against auth database. We're using mailman version: 3.1.1-9 Ubuntu package
On a sidenote: email address was in both account_emailaddress and auth_user, auth_user could also be updated, so it uses account_emailaddress.id instead of having duplicate data.
Could you please let us know if there are other occurrences of email in the schema, and if we should replicate our manual changes in some other tables for our user ?
Thank you! Loïc
** Affects: mailman Importance: Undecided Status: New
Mailman 3 issues should be reported at the appropriate gitlab project, probably https://gitlab.com/mailman/django-mailman3/-/issues in this case. This tracker is for Mailman 2.1 only. As it says at https://launchpad.net/mailman
Please continue to use Launchpad for all bugs, code, and merge proposals for Mailman 2.1.
Please head over to Gitlab at https://gitlab.com/mailman for all bugs, code, and merge requests for Mailman 3.
** Changed in: mailman Status: New => Invalid
** Changed in: mailman Milestone: 3.1 => None
Thanks Mark, I've opened https://gitlab.com/mailman/django-mailman3/-/issues/53
** Bug watch added: gitlab.com/mailman/django-mailman3/-/issues #53 https://gitlab.com/mailman/django-mailman3/-/issues/53
-
Loïc Gomez -
Mark Sapiro