Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 386086

Summary: Require a non-changing userid for both password or openid authenticated accounts
Product: [ECD] Orion Reporter: Simon Kaegi <simon_kaegi>
Component: ClientAssignee: John Arthorne <john.arthorne>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: malgorzata.tomczyk, Szymon.Brandys
Version: 1.0   
Target Milestone: 1.0 M2   
Hardware: PC   
OS: Windows 7   
Whiteboard:
Bug Depends on: 343264    
Bug Blocks:    

Description Simon Kaegi CLA 2012-07-26 16:27:30 EDT 
A userid is something we will require regardless of how an account is authenticated in order to guarantee a meaningful (and unique) url base for the users files. This means that even when a user registers using openid they will still have to provide us with a userid.

This also means we need to makes changes to prevent changing ones userid as it is now the identity key.
Comment 1 John Arthorne CLA 2012-07-30 15:01:36 EDT 
This won't make M1.
Comment 2 Szymon Brandys CLA 2012-08-02 08:35:20 EDT 
We already have unique userID which is different than user login. The userID can be found in user url, see http://localhost:8080/users/[userId]. For instance my local Orion account with login 'szymon' has url http://localhost:8080/users/C
and userID in this case is 'C'.
Comment 3 John Arthorne CLA 2012-08-27 14:28:41 EDT 
I am working on this now. Currently, we have the following properties for each user:

Id = 8FuSXG7wABEQAYHjxj8dMA (A randomly generated UUID)
UserName = A (A sequentially generated UUID)
Name = John Arthorne (optional user selected display name)
Login = johna (optional credential login - doesn't exist for OpenID accounts)

I propose simplifying this by removing the sequentially generated UUID. For login/password based accounts this will be replaced by the login value. For OpenID accounts we could also allow a "login" to be specified. If none is specified we would use the randomly generated UUID. So we would have either:

Id = 8FuSXG7wABEQAYHjxj8dMA (A randomly generated UUID)
UserName = johna (user selected, globally unique username)
Name = John Arthorne (optional user selected display name)
Login = johna

For an account created with OpenID, we would start with:

Id = 8FuSXG7wABEQAYHjxj8dMA (A randomly generated UUID)
UserName = 8FuSXG7wABEQAYHjxj8dMA (globally unique username)
Name = John Arthorne (optional user selected display name)

Another option is that we remove UserName and have only Id and display name. This would be more limiting because it would prevent us from ever being able to change "username" after account creation.
Comment 4 John Arthorne CLA 2012-08-28 08:59:48 EDT 
I've decided to keep the sequentially generated id, and toss out the random UUID. The sequential Id is consistent with how we treat workspaces and projects. I have also found the code inconsistent and in some places the id is called a username, etc. I am trying to make it consistently as follows:

Id - sequentially generated globally unique ID (e.g., user "A", user "B", etc)
UserName - globally unique nickname that appears in URLs (e.g., "johna", "skaegi", etc)
Name - user selected display name (optional)
Login - only used for login/password authentication. Typically the same as UserName although in theory a single user can have multiple authentications for multiple servers.

As part of this I want to make the bare bones minimal user setup as simple as possible. For example a trial account where someone just wants to give it a spin. Therefore UserName and Name will be treated as optional. If the UserName is not provided, it will be the same as Id.
Comment 6 John Arthorne CLA 2012-08-29 16:51:06 EDT 
These changes were committed to master.