
User with same email on different tenants not possible #23

Open
silveltman opened this issue Oct 5, 2023 · 1 comment

Comments

silveltman commented Oct 5, 2023

When a user is created in a specific tenant, it cannot be created with the same email on another tenant. For backend users (user editing via the payload admin panel) this is not a problem, but it is a problem for front-end users (customers that log into an ecommerce site).

As I see it we can fix this in a couple of ways:

  1. Allow for multiple users with the same email, while they have a different ID (seems vulnerable, and I don't think this is possible with Payload)
  2. Have the tenancy plugin add the tenant slug before or after the email, so test@gmail becomes [email protected].
  3. Have the tenancy plugin create a separate auth collection for each tenant. I think this is the best option of the 3, so let me elaborate:

As I see it, option 3 would start by adding a config option to this plugin which allows us to choose which auth collection should be used to set the tenant and filter the docs in each collection. So:

plugins: [tenancy({ authCollection: "users" })],

Then we can create a separate auth collection in Payload for the frontend, which we call customers in this case.

This plugin would then need to create a collection named mytenant-customers and route the api request to the correct ones.

Pro: seems like easiest of the 3 to make
Con: Not in line with the nature of this plugin, which is filtering the same collection, not creating new ones

Would love to hear what you think!

joas8211 (Owner) commented Oct 9, 2023

This is definitely an interesting problem. Some thoughts:

  • Option 1 wouldn't work. I tried and it seems that the auth collection's email field is not modifiable.
  • Option 2 can probably be done, although the value in the database would then be incorrect and would be corrected using hooks. I think it's sub-optimal.
  • Option 3 is problematic since collections cannot be added at runtime.
  • I was thinking, what if users are promoted to the root tenant? Then they would be able to access any tenant with the same account. That might be problematic in a large number of cases though, where the user thinks they are registering to a single service.
  • The best solution, I think, is to open an issue in Payload's repository for an improvement to the core to allow modification of the email field. That way the email field can be set to non-unique. There needs to be custom validation in that case to disallow multiple accounts with the same email on the same tenant. But that should be it.
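
The per-tenant validation the last bullet describes, together with the login-side lookup that has to change alongside it, as an added example that is not code from payload-tenancy or from Payload itself. It works over a constructed in-memory stand-in for the users collection: `TenantUser`, the `shop-a`/`shop-b` sample rows and the hook-like `beforeValidateTenantEmail` function are all illustrative, and the hook's argument shape only loosely mirrors Payload's collection `beforeValidate` hook. It assumes the tenant is already set on the document by the time validation runs.

```typescript
// Added example: tenant-scoped email uniqueness for an auth collection whose
// email field is no longer globally unique. In-memory stand-in for the database;
// not code from payload-tenancy or Payload.

interface TenantUser {
  id: string;
  tenant: string; // tenant id or slug the account belongs to (assumed field name)
  email: string;  // stored normalized, see normalizeEmail
}

// Normalize so "Test@Example.com" and "test@example.com " cannot coexist in a tenant.
function normalizeEmail(email: string): string {
  return email.trim().toLowerCase();
}

// Returns null if the (tenant, email) pair is free, otherwise an error message.
// `excludeId` lets an update of an existing account pass its own row.
function checkTenantEmailUnique(
  users: readonly TenantUser[],
  tenant: string,
  email: string,
  excludeId?: string,
): string | null {
  const wanted = normalizeEmail(email);
  const clash = users.find(
    (u) => u.tenant === tenant && u.email === wanted && u.id !== excludeId,
  );
  return clash
    ? `An account with this email already exists in tenant "${tenant}".`
    : null;
}

// Hook-like validation step (shape loosely follows Payload's beforeValidate hook;
// assumption: the tenant is already on `data` or on the existing document).
// Throws to reject the write, otherwise returns the data with the email normalized.
function beforeValidateTenantEmail(
  users: readonly TenantUser[],
  args: { data: Partial<TenantUser>; originalDoc?: TenantUser },
): Partial<TenantUser> {
  const data = { ...args.data };
  if (data.email === undefined) return data;
  const tenant = data.tenant ?? args.originalDoc?.tenant;
  if (!tenant) throw new Error("tenant is required to validate email uniqueness");
  data.email = normalizeEmail(data.email);
  const err = checkTenantEmailUnique(users, tenant, data.email, args.originalDoc?.id);
  if (err) throw new Error(err);
  return data;
}

// Once email is not globally unique, every authentication lookup must include the
// tenant: a lookup by email alone would return an arbitrary tenant's account.
function findLoginAccount(
  users: readonly TenantUser[],
  tenant: string,
  email: string,
): TenantUser | undefined {
  const wanted = normalizeEmail(email);
  return users.find((u) => u.tenant === tenant && u.email === wanted);
}

// Constructed sample data: the same email in two different tenants is allowed.
const sampleUsers: TenantUser[] = [
  { id: "u1", tenant: "shop-a", email: "test@example.com" },
  { id: "u2", tenant: "shop-b", email: "test@example.com" },
];
```

The check worth carrying into any real implementation is the last function: dropping the global unique constraint on email is only safe if login, password reset and any other email-keyed account lookup are filtered by tenant as well, and if the email is normalized before both the uniqueness check and the lookup. Otherwise two accounts sharing an address across tenants become ambiguous at authentication time, and whichever row the database returns first wins.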
