question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Do not allow users to change username when logging for the first time

See original GitHub issue

Is your enhancement related to a problem? Please describe.

We have a Che operator 7.14.2 installed an OCP cluster with the following configuration:

  auth:
    externalIdentityProvider: false
    openShiftoAuth: true
  server:
    customCheProperties:
      CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT: <username>-code
    allowUserDefinedWorkspaceNamespaces: false

Each user has <openshift-username>-code namespace pre-created. When a user is trying to login into Che Dashboard the very first time Che’s Keycloak shows the following form:

che

And now if the user edit the username and use another username (not OpenShift username) then he won’t be able to start a workspace because Che tries to use not-existing namespace to create a workspace: <che-username>-code instead of `<openshift-username>-code.

Describe the solution you’d like

Ideally, user should not be asked to re-enter username, email, names when loging to Che at all. Che just should use the user from OpenShift. Email and Name is not available in OpenShift, but why Che needs them? If it needs them for Git commits or something then it should ask it when/if actually needed. Not in advance.

But at least we should have an option to forbid users to change usernames during Che login because it breaks users.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:28 (24 by maintainers)

github_iconTop GitHub Comments

4reactions
tolushacommented, Jul 27, 2020

@ibuziuk I see. We can improve it. I will plan for the next sprint.

1reaction
tolushacommented, Oct 2, 2020

@ibuziuk By default 7.19.0 adds check if username complies DNS naming convention. If you would like make username uneditable then you have to login into keycloak and change login theme to che-username-readonly

Read more comments on GitHub >

github_iconTop Results From Across the Web

Is it good or bad practice to allow a user to change their ...
It is a good idea to maintain an audit trail of username changes and disallow the creation of new accounts that use a...
Read more >
Must change password before logging in the first time
Hello, I have a recent issue with my terminal server. Today I created a new user and checked the option for that user...
Read more >
Why should usernames be unchangable? - Stack Overflow
If you don't allow people to change their usernames then some people are just going to create new accounts. I don't see any...
Read more >
Considerations for Editing Users - Salesforce Help
Be aware of these behaviors when editing users. ... Keep in mind that Salesforce Customer Support can't change usernames or deactivate users from...
Read more >
How to Hide or Show User Accounts from Login Screen on ...
To do this, check that in the Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options the ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found