Login social: If a twitter account doesn't have an e-mail, JHipster sets the wrong user_id #4024
Comments
Is this linked to #3511?
It's related to it, but it's slightly different. #3511 claims to allow the e-mail address to be null.
In order to reproduce it without two Twitter accounts, you have to set admin's email to null. Then log in with Twitter and it will say you logged in as admin! Definitely not good.
Yes good catch!
yo-rc.json.zip
Overview of the issue
If a Twitter account doesn't have an e-mail, JHipster sets the wrong user_id in the jhi_social_user_connection table. This user_id belongs to the wrong user.
Motivation for or Use Case
Setting the user_id that belongs to another user is a really bad thing :-)
Reproduce the error
Related issues
Not applicable
Suggest a Fix
The problem lies in the method createUserIfNotExist(UserProfile userProfile, String langKey, TipoUsuario tipoUsuario, String providerId), in class SocialService:
Suggested fix: just test if the email address is not empty:
JHipster Version(s)
3.4.2
JHipster configuration, a .yo-rc.json file generated in the root folder
{
  "generator-jhipster": {
    "jhipsterVersion": "3.4.2",
    "baseName": "tc",
    "packageName": "com.tc",
    "packageFolder": "com/tc",
    "serverPort": "8080",
    "authenticationType": "session",
    "hibernateCache": "hazelcast",
    "clusteredHttpSession": "hazelcast",
    "websocket": "spring-websocket",
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "prodDatabaseType": "mysql",
    "searchEngine": "no",
    "buildTool": "maven",
    "enableSocialSignIn": true,
    "rememberMeKey": "3f987da705ca593beefbc9c6ef079575463b6d01",
    "useSass": false,
    "applicationType": "monolith",
    "testFrameworks": [
      "protractor"
    ],
    "jhiPrefix": "jhi",
    "enableTranslation": false
  }
}
Entity configuration(s), entityName.json files generated in the .jhipster directory
Not applicable
Browsers and Operating System
Not applicable
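
The failure mode and the suggested guard, as an added example that is not part of the original issue and is not JHipster's SocialService code. All class, record and method names are hypothetical, the user rows are constructed, and it assumes the lookup matches a null e-mail against rows whose e-mail is null (as the reproduction in the comments implies) and that a profile without an e-mail should get a fresh account.

```java
import java.util.*;

// Added illustration; names are hypothetical and do not come from JHipster.
public class SocialEmailLinkDemo {
    record User(long id, String login, String email) {}

    // Constructed sample data: the admin row has a null e-mail, as in the reproduction.
    static final List<User> USERS = new ArrayList<>(List.of(
        new User(1, "system", "system@localhost"),
        new User(3, "admin", null)));

    // Stand-in for a repository lookup; assumption: null is compared like any other value.
    static Optional<User> findOneByEmail(String email) {
        return USERS.stream().filter(u -> Objects.equals(u.email(), email)).findFirst();
    }

    // Creates a new local account for the social profile.
    static User createUser(String email) {
        User u = new User(100 + USERS.size(), "social-" + USERS.size(), email);
        USERS.add(u);
        return u;
    }

    // Behaviour described in the issue: the profile e-mail goes into the lookup unchecked,
    // so a profile without an e-mail resolves to whichever account has no e-mail.
    static User linkUnchecked(String profileEmail) {
        return findOneByEmail(profileEmail).orElseGet(() -> createUser(profileEmail));
    }

    // Suggested fix: only search for an existing account when the e-mail is non-empty.
    static User linkChecked(String profileEmail) {
        if (profileEmail == null || profileEmail.isBlank()) {
            // Assumption: with no e-mail, create a new account instead of reusing one.
            return createUser(null);
        }
        return findOneByEmail(profileEmail).orElseGet(() -> createUser(profileEmail));
    }

    public static void main(String[] args) {
        // A Twitter profile without an e-mail is modelled here as a null e-mail.
        System.out.println("unchecked links to: " + linkUnchecked(null).login());
        System.out.println("checked links to:   " + linkChecked(null).login());
    }
}
```

The same guard belongs on any identity attribute used to match an external profile to a local account: an absent value must never be treated as a key.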