Skip to content

Gh login cant be unique #1109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 9, 2017
Merged

Gh login cant be unique #1109

merged 4 commits into from
Oct 9, 2017

Conversation

carols10cents
Copy link
Member

So I can't deploy to production right now because of the unique index added to users.gh_login.

The values on production for gh_login aren't unique, and here's why:

  • Someone can sign up for github with username whatever.
  • They can sign in to crates.io. We now get their gh_id, say, 3 (which is unique) and their gh_login, whatever. Their user account gets crates.io id 10.
  • They rename or delete their github account, which leaves the username 'whatever' available again. (If they renamed their github account, their gh_id stays stable and we'd migrate their account to their new username next time they log in)
  • Someone else signs up for github with username wHaTeVeR.
  • They can sign in to crates.io. We now get their gh_id, 9000, and their gh_login, wHaTeVeR. Their user account gets crates.io id 10000.

We can't get rid of the first whatever account, because they might sign in again with a renamed account but the same id, and they should be able to still access the crates they own and all that.

All we know is that the account with the latest crates.io id for that lower(gh_login) is the last valid account we know of for that username (and should match the account that you click through to github, as long as they haven't renamed or deleted their github account since).

r? @sgrif

@carols10cents carols10cents force-pushed the gh_login_cant_be_unique branch from fa0b577 to 40ca32d Compare October 7, 2017 22:45
sgrif
sgrif reviewed Oct 8, 2017
View reviewed changes
migrations/2017-10-06-234455_fix_local_dbs_unique_gh_login/up.sql
-- Its sole purpose is to fix the local database of anyone who ran 2017-09-26-200549 locally--
-- that migration can't be run on production because lower(gh_login) isn't unique on production.

CREATE INDEX IF NOT EXISTS index_users_gh_login ON users (gh_login);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still want this index to be on the lowercase name though, don't we? Should we have another migration that is along the lines of:

DROP INDEX index_users_gh_login;
CREATE INDEX lower_gh_login ON users (lower(gh_login));

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, good call!

@carols10cents carols10cents force-pushed the gh_login_cant_be_unique branch from 05e7b81 to e691e75 Compare October 9, 2017 14:00
@carols10cents
Copy link
Member Author

hows about now @sgrif ?

@sgrif
Copy link
Contributor

sgrif commented Oct 9, 2017

bors: r+

bors-voyager bot added a commit that referenced this pull request Oct 9, 2017
@bors-voyager
Merge #1109
b910144 
1109: Gh login cant be unique r=sgrif

So I can't deploy to production right now because of the unique index added to users.gh_login.

The values on production for gh_login aren't unique, and here's why:

- Someone can sign up for github with username whatever.
- They can sign in to crates.io. We now get their gh_id, say, 3 (which *is* unique) and their gh_login, whatever. Their user account gets crates.io id 10.
- They rename or delete their github account, which leaves the username 'whatever' available again. (If they renamed their github account, their gh_id stays stable and we'd migrate their account to their new username next time they log in)
- Someone else signs up for github with username wHaTeVeR.
- They can sign in to crates.io. We now get their gh_id, 9000, and their gh_login, wHaTeVeR. Their user account gets crates.io id 10000.

We can't get rid of the first whatever account, because they might sign in again with a renamed account but the same id, and they should be able to still access the crates they own and all that. 

All we know is that the account with the latest crates.io id for that lower(gh_login) is the last valid account we know of for that username (and should match the account that you click through to github, as long as they haven't renamed or deleted their github account since).

r? @sgrif
@bors-voyager
Copy link
Contributor

bors-voyager bot commented Oct 9, 2017

Build succeeded

@bors-voyager bors-voyager bot merged commit e691e75 into rust-lang:master Oct 9, 2017
@carols10cents carols10cents deleted the gh_login_cant_be_unique branch October 9, 2017 18:32
This was referenced Oct 10, 2017
Closed
Merged
@carols10cents carols10cents mentioned this pull request Dec 27, 2018
Open
@notriddle notriddle mentioned this pull request Oct 12, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgrif sgrif sgrif left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@carols10cents @sgrif