Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove password credential from user when they link an external account #5382

Merged
merged 6 commits into from
Feb 6, 2018
Merged

Remove password credential from user when they link an external account #5382

merged 6 commits into from
Feb 6, 2018

Conversation

scottbommarito
Copy link
Contributor

Short addition to #5338

chenriksson
chenriksson approved these changes Feb 2, 2018
View reviewed changes
src/NuGetGallery/Controllers/AuthenticationController.cs Outdated
@@ -536,6 +536,12 @@ private ActionResult RedirectFromRegister(string returnUrl)

await _authService.AddCredential(user.User, result.Credential);

var passwordCredential = user.User.Credentials.SingleOrDefault(c => c.IsPassword());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extension method?

public static CredentialTypes {
    public static GetPassword(this IEnumerable<Credential> credentials);
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done, although I put it on User itself because I can't imagine anything else having a list of credentials

src/NuGetGallery/Controllers/AuthenticationController.cs Outdated
var passwordCredential = user.User.Credentials.SingleOrDefault(c => c.IsPassword());
if (passwordCredential != null)
{
await _authService.RemoveCredential(user.User, passwordCredential);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want this in the same transaction as AddCredential? Should the APIs support deferring the SaveChangesAsync?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think if removing the password fails, we should still proceed with the request, just leave the credential there--no need to remove a perfectly valid external credential.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably also a problem with @shishirx34's link and replace flow, where I based this code off of.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree it would be much better to have an API for AddExternalAndRemovePasswordCredential but I think its fine, for now, to leave it as is. I won't say it be high priority right now.

shishirx34
shishirx34 reviewed Feb 2, 2018
View reviewed changes
src/NuGetGallery/Controllers/AuthenticationController.cs Outdated
@@ -401,7 +401,7 @@ public ActionResult ChallengeAuthentication(string returnUrl, string provider)
await _authService.CreateSessionAsync(OwinContext, authenticatedUser);

// Remove the password credential after linking to external account.
var passwordCred = user.Credentials.SingleOrDefault(c => c.IsPassword());
var passwordCred = user.GetPassword();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: perhaps GetPasswordCredential be more appropriate? GetPassword seems like we are getting the password value. Don't care though.

@scottbommarito scottbommarito merged commit 743616f into dev Feb 6, 2018
@scottbommarito scottbommarito deleted the sb-removepasswordonlink branch February 6, 2018 19:45
@scottbommarito scottbommarito restored the sb-removepasswordonlink branch July 22, 2019 23:20
@scottbommarito scottbommarito deleted the sb-removepasswordonlink branch July 22, 2019 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shishirx34 shishirx34 shishirx34 approved these changes

@chenriksson chenriksson chenriksson approved these changes

@joelverhagen joelverhagen Awaiting requested review from joelverhagen

@agr agr Awaiting requested review from agr

@loic-sharma loic-sharma Awaiting requested review from loic-sharma

@xavierdecoster xavierdecoster Awaiting requested review from xavierdecoster

@nugetlurker nugetlurker Awaiting requested review from nugetlurker

@ryuyu ryuyu Awaiting requested review from ryuyu

@anangaur anangaur Awaiting requested review from anangaur

@cristinamanum cristinamanum Awaiting requested review from cristinamanum

@skofman1 skofman1 Awaiting requested review from skofman1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@scottbommarito @shishirx34 @chenriksson