Changing username with changeUsername() in talk


#1

When I try to call a changeUsername() on another user, with an admin user’s token, i get NOT_AUTHORIZED.

Can’t I change username for other users with GraphQL? It’s because we’re doing a moderator admin system, and would like that feature.

Br.
David


#2

Hi @plexdk we don’t allow admins to change usernames - only users can change their own username.

Let me know what you’re trying to do, and I can probably point you in the right direction!


#3

We are a newspaper located in denmark, providing both print and online news

Because of this, we are providing an admin page for the user, where they can control their various subscription options and settings - and hereby also comment settings. That means we want to be able to change the users username (displayed in comments), by doing a graphql call, when they change their nickname on the newspapers settings page.

I found the following line of code in the source:
if (user.status.username.status !== ‘REJECTED’) {
throw new ErrPermissionUpdateUsername();
}

So I guess its not possible to change the username unless its rejected? Do you have any other suggestions?

Please notice that we use an auth token plugin, for external authentication.


#4

Oh I see - great! I believe this is possible - your best thing to do is post this on our Github issues so someone can assist you there!

https://github.com/coralproject/talk/issues/new


#5

Ok, thanks =) I’ll try that


#6

@plexdk
I’m pretty new to talk/js/node but encountered the same question - there is a function called setUsernameStatus… so it would be possible to set the status to rejected, then change the username and then not to forget set the state back to the initial value or ‘SET’.
I’m just not sure if this would be the way it should be done :smiley:

I’ve decided to go with the findOneAndUpdate function of the user model hopying that this is the ‘cleaner’ solution

Hope it helps
Chris


#7

Hi,

Yeah, that is exactly the same problem we ran into. If you have made a plugin for changing username, is it possible you could share it with us? :slight_smile: Thanks!

Cheers,
David.


#8

Well, i’m not sure if this is the same context, we’re one way syncing the username when the tokenUserNotFound Hook is called.

 const UserModel = require('models/user');
 const synchronizeUsername = async (user, username) => {
   if (user.username !== username) {
     user = await UserModel.findOneAndUpdate(
       {
         id: user.id,
       },
       {
         $set: {
           username: username,
           lowercaseUsername: username.toLowerCase(),
         },
         $push: {
           'status.username.history': {
             status: 'SET',
             assigned_by: null,
           },
         },
       }
     );
   }
   return user;
 };

where the variable user is an user Entity and username the new username String (which was validated beforehand).

BTW: I’m happy for any kind of constructive critic. :slight_smile:

Does this help you @plexdk?

Cheers
Chris


#9

Hi @oafx
Are you using this to update usernames after first user creation?

Best,
Jesper


#10

@tegner yes and whenever the username in our portal/sso has changed


#11

@oafx thank you for the quick reply - is just seems like I can’t get tokenUserNotFound to be fired after first creation. At least I see nothing in the console.
Could you possibly share the full tokenUserNotFound implementation you are using?

Thanks,
Jesper


#12

@tegner
i’d have to discuss this with my team(lead) first… just to be sure.
A pitfall that I stumbled over was that talk fails pretty much silently if your JWT isn’t “well-formed”, in my experience, and the tokenUserNotFound hook isn’t called in this case.

To debug this you can i.e. temporarily add debug(err) to the passport.js (Line: 271ff)

JwtStrategy.JwtVerifier = (token, secretOrKey, options, callback) => {
  return jwt.verify(token, options, (err, jwt) => {
    if (err) {
      //here:
      debug(err);
      return callback(err);
    }

    // Attach the original token onto the payload.
    return callback(false, { token, jwt });
  });
};

maybe this helps but i’ll discuss our code sharing policies with my lead anyways.


#13

@oafx
Thanks, I’ve tried adding some debug here and there in the base code.
It seems that I hit findOrCreateByIDToken in user.js and then when the user is found the tokenUserNotFound hook is never fired - which makes sense to me, since the user exists already.
Thats why I was interested in knowing how you solved it :slight_smile:


#14

hi @tegner, I’ve sent you a private message with our tokenUserNotFound hook implementation. :slight_smile: