Opened 14 years ago
Closed 13 years ago
#47 closed defect (fixed)
It is possible to register 2 accounts with same email address
Reported by: | Sebastian Spaeth | Owned by: | Elrond |
---|---|---|---|
Priority: | minor | Milestone: | 0.3.0 |
Component: | programming | Keywords: | |
Cc: | Parent Tickets: |
Description
We can currently register two accounts with the same email address. I am not sure if this is a feature or a bug, but it will be fun when we implement the "forgot password" functionality. Can this be limited on the database level or where would one check the uniqueness?
Attachments (1)
Change History (22)
comment:2 by , 14 years ago
`http://www.mongodb.org/display/DOCS/Indexes#Indexes-UniqueIndexes <http://www.mongodb.org/display/DOCS/Indexes#Indexes-UniqueIndexes>`_ I wonder if we could use this to fix the race condition?
comment:3 by , 14 years ago
That would help with the duplicate username thing for sure. I guess having an index on the username will be good anyway for performance reaosons. It won't help with the email issue, as we need to check for case-insensitive uniqueness.
comment:4 by , 14 years ago
There's an easy way to handle case insensitivity in email and that's to do string.lower() on all email operations before we commit changes to email addresses (?)
comment:5 by , 14 years ago
:: <spaetz> paroneayea: email duplication is not *that* trivial :) [08:49] <spaetz> "The local-part of an address, is defined to be opaque to intermediate mail relay systems except the final mailbox host. For example, it must not be assumed to be case-insensitive." <spaetz> ^^^wikipedia. But usually it should be easiest to just assume case-insensitivity <paroneayea> spaetz: well <paroneayea> we could store the email value twice [08:50] <spaetz> I seriously doubt we would run in trouble :) <paroneayea> once for the lowercased one <paroneayea> which we could use to force uniqueness <paroneayea> but yeah I don't think it matters <spaetz> right, that we could do. <paroneayea> forcing to lowercase for now is good enough <spaetz> I don't think it matters either <Elrond> I would just lowercase the hostname and be done. If people want to register multiple users, they'll surely find some email address dispenser. We can probably just do what Elrond says.
comment:7 by , 14 years ago
Component: | → Programming |
---|---|
Owner: | set to |
by , 14 years ago
Attachment: | 0004-Checks-if-the-email-lowercase-have-been-used-before-.patch.tar.gz added |
---|
0004-Checks-if-the-email-lowercase-have-been-used-before-.patch.tar.gz
comment:7 by , 14 years ago
Status: | New → In Progress |
---|
Now we can check if the email have used by another user and displays the error, the email is lowercased before checking into the database. which must be good enough.
comment:9 by , 13 years ago
Milestone: | 0.0.3 → 0.0.4 |
---|
comment:9 by , 13 years ago
Milestone: | 0.0.4 → 0.0.5 |
---|
We release 0.0.4, so I'm bumping this to 0.0.5.
comment:10 by , 13 years ago
Alejandro's patch needs review. I would use a warning more like, :: Sorry, that email address is already assigned. Hm, perhaps we need a process to handle malicious squatting, but that would be a new ticket. Otherwise, besides this: :: error: patch failed: mediagoblin/auth/views.py:39 error: mediagoblin/auth/views.py: patch does not apply Alejandro's code gets a +1 from me.
comment:12 by , 13 years ago
Owner: | changed from | to
---|---|
Status: | Closed → In Progress |
I have to reopen this. :: - user['email'] = request.POST['email'] + user['email'] = request.POST['email'].lower() The part before the @ is case sensitive. At least I'm 99% sure. Most MTAs/MDAs don't care for it, that's right. But AFAIK the standard says, it is case sensitive! (And I even know unixy people, for which it is partly case sensitive!)
comment:13 by , 13 years ago
Milestone: | 0.0.5 → 0.1.0 |
---|
comment:13 by , 13 years ago
Milestone: | 0.1.0 → 0.2.0 |
---|
Man, this is so old and seems so easy to fix. Does anyone want to do it?
comment:14 by , 13 years ago
I don't see what is important in this issue (user's convenience or easy sock-puppets), so just a mention: `user@example.com <mailto:user@example.com>`_ can be the same account as `user+abc@example.com <mailto:user+abc@example.com>`_.
comment:15 by , 13 years ago
Milestone: | 0.2.0 → 0.2.1 |
---|
comment:15 by , 13 years ago
Owner: | changed from | to
---|
1) Okay, I'm trying to take care of this. Should really be simple. I'll just lowercase everything after the first "@". 2) Aleksej Serdjukov: Could you please elaborate (possibly on irc) what you want to say with your statement?
comment:16 by , 13 years ago
The original url for this bug was http://bugs.foocorp.net/issues/320 .
comment:17 by , 13 years ago
Milestone: | 0.2.1 → 0.2.2 |
---|---|
Resolution: | → fixed |
Status: | accepted → closed |
Commit: 53280164e2ebb5856a6f25d14f27439855f99dbb
Note:
See TracTickets
for help on using tickets.