feat: endpoint for imapd to authenticate against#5295
Conversation
|
Feel free to suggest a different direction for this. |
Codecov Report
@@ Coverage Diff @@
## main #5295 +/- ##
==========================================
+ Coverage 88.61% 88.76% +0.14%
==========================================
Files 294 287 -7
Lines 40061 39701 -360
==========================================
- Hits 35499 35239 -260
+ Misses 4562 4462 -100
... and 16 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
I think we need to fail if User.objects.filter(username__iexact=username).count() > 1 (equivalently, if User.objects.get(username__iexact=username) raises User.MultipleObjectsReturned). Otherwise, if two User records are somehow created with a username collision under iexact, whichever User comes up as first() can log in using either username. Assuming imapd is simply passing the username over as it receives it, it would then allow that password holder to access either account.
This is different from the cases we've dealt with before. If we want to treat it the same way, we would need to report back to imapd not only "success" but the actual username we used in deciding it was a success.
No description provided.