Changing primary GitHub email address also changes DataHub ID

Question

Changing primary GitHub email address also changes DataHub ID

zaneselvans opened this issue 6 years ago · comments

I have a personal and a work email address associated with my GitHub account. When I first signed into DataHub, using my GitHub account, my personal email address was the primary address on my GitHub account. Subsequently, I changed my work address to be my primary address at GitHub. Now when I log in to DataHub with my GitHub account, I am assigned a different ID (zaneselvans1 instead of zaneselvans) and the system treats me as if I am a completely new and different user. The datasets which I had previously uploaded are not available, etc.

How to reproduce

Create a GitHub account
Add more than 1 verified email address to the GitHub account.
Sign in to DataHub using GitHub, creating a new DataHub account.
Change some stuff i nyour DataHub account.
Sign out of DataHub.
Change which email address is listed as your primary ID on GitHub.
Sign into DataHub again, using GitHub

Expected behavior

So far as I understand it, I have only a single identity at GitHub, with two emails associated with that ID -- everything I do at GitHub comes with the username zaneselvans -- I expected DataHub to treat me as a single person as well, and simply use GitHub as the identity provider / authenticator. In that scenario, I wouldn't think that any changes to my GitHub account ought to change my apparent identity at any other site where I log in using GitHub...

Anuar Ustayev (aka Anu) · Answer 1 · Thu Nov 01 2018 16:29:24 GMT+0800 (China Standard Time)

@zaneselvans thanks for reporting this 👍
cc/ @akariv and @zelima

Irakli Mchedlishvili · Answer 2 · Thu Nov 01 2018 21:23:19 GMT+0800 (China Standard Time)

@zaneselvans This is something we have not considered from the beginning and probably worth considering. Until now we were just grabbing primary emails and according to that creating the User on datahub.

Even though this might be the extremely rare case, but what if somebody has same secondary emails across multiple git accounts Eg:

the user registers on datahub with git account that has example@email.com as a primary email
after it changes the primary email to another_example@email.com
A bit later creates another account with yet_another_example@email.com
and adds the first email example@email.com as a secondary email to 2nd git account with yet_another_eample@email.com

This way user won't be able to create a new user on datahub

Anyway here's PR fixing the first problem datopian/auth#32

@akariv WDYT?

Adam Kariv · Answer 3 · Wed Nov 07 2018 15:16:58 GMT+0800 (China Standard Time)

Generally DataHub uses the email address as the unique identifier of the account, and not the GitHub account id. It uses GitHub (or Google) just to fetch and authenticate the email address. It might be possible to allow users to change their email address, but it needs proper analysis (to see what breaks if we do this). Either way your PR is a good workaround for this problem, so now approved.

…

On Thu, Nov 1, 2018 at 4:00 PM Irakli Mchedlishvili < ***@***.***> wrote: @zaneselvans <https://github.com/zaneselvans> This is something we have not considered from the beginning and probably worth considering. Until now we were just grabbing primary emails and according to that creating the User on datahub. Even though this might be the extremely rare case, but what if somebody has same secondary emails across multiple git accounts Eg: 1. the user registers on datahub with git account that has ***@***.*** as a primary email 2. after it changes the primary email to ***@***.*** 3. A bit later creates another account with ***@***.*** 4. and adds the first email ***@***.*** as a secondary email to 2nd git account with ***@***.*** This way user won't be able to create a new user on datahub Anyway here's PR fixing the first problem datopian/auth#32 <datopian/auth#32> @akariv <https://github.com/akariv> WDYT? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#244 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAQMdb_gPGtuF03uTt_rAY4hbCmsH0Seks5uqv51gaJpZM4X4mcV> .

Irakli Mchedlishvili · Answer 4 · Wed Nov 07 2018 15:22:00 GMT+0800 (China Standard Time)

@zaneselvans I'm gonna remove zaneselvans1 from the database so thet you continue using your old zaneselvans one. Please confirm you don't have anything published there that you want to backup before I do so and close issue

Zane Selvans · Answer 5 · Thu Nov 08 2018 15:57:32 GMT+0800 (China Standard Time)

I have nothing saved under the zaneselvans1 account -- I saw the disconnect and haven't touched anything since then.

Irakli Mchedlishvili · Answer 6 · Thu Nov 08 2018 16:05:20 GMT+0800 (China Standard Time)

FIXED. zaneselvans1 is removed