It is possible to register 2 accounts with same email address

[Sebastian Spaeth]

We can currently register two accounts with the same email address.
I am not sure if this is a feature or a bug, but it will be fun
when we implement the "forgot password" functionality. Can this be
limited on the database level or where would one check the
uniqueness?

[Sebastian Spaeth]

BTW, when implementing this, the related user name uniqueness check
is not race-proof. It first checks if the name exists and later
creates the user name. So if 2 users create the same name in a
short time, we might end up with duplicate user names. Just
something to consider.

[Christopher Allan Webber]

`http://www.mongodb.org/display/DOCS/Indexes#Indexes-UniqueIndexes <http://www.mongodb.org/display/DOCS/Indexes#Indexes-UniqueIndexes>`_

I wonder if we could use this to fix the race condition?

[Sebastian Spaeth]

That would help with the duplicate username thing for sure. I guess
having an index on the username will be good anyway for performance
reaosons.

It won't help with the email issue, as we need to check for
case-insensitive uniqueness.

[Christopher Allan Webber]

There's an easy way to handle case insensitivity in email and
that's to do string.lower() on all email operations before we
commit changes to email addresses (?)

[Christopher Allan Webber]

::

    <spaetz> paroneayea: email duplication is not *that* trivial :)  [08:49]
    <spaetz> "The local-part of an address, is defined to be opaque to
             intermediate mail relay systems except the final mailbox host. For
             example, it must not be assumed to be case-insensitive." 
    <spaetz> ^^^wikipedia. But usually it should be easiest to just assume
             case-insensitivity
    <paroneayea> spaetz: well
    <paroneayea> we could store the email value twice  [08:50]
    <spaetz> I seriously doubt we would run in trouble :)
    <paroneayea> once for the lowercased one
    <paroneayea> which we could use to force uniqueness
    <paroneayea> but yeah I don't think it matters
    <spaetz> right, that we could do.
    <paroneayea> forcing to lowercase for now is good enough
    <spaetz> I don't think it matters either
    <Elrond> I would just lowercase the hostname and be done.   If people want to
             register multiple users, they'll surely find some email address
             dispenser.

We can probably just do what Elrond says.

[Elrond]

We want to address this for 0.0.3

[Alejandro Villanueva]

0004-Checks-if-the-email-lowercase-have-been-used-before-.patch.tar.gz

[Alejandro Villanueva]

Now we can check if the email have used by another user and
displays the error, the email is lowercased before checking into
the database. which must be good enough.

[Elrond]

Joar is a bit too busy. :-)

[Will Kahn-Greene]

We release 0.0.4, so I'm bumping this to 0.0.5.

[Caleb Davis]

Alejandro's patch needs review.

I would use a warning more like,

::

    Sorry, that email address is already assigned.

Hm, perhaps we need a process to handle malicious squatting, but
that would be a new ticket.

Otherwise, besides this:

::

    error: patch failed: mediagoblin/auth/views.py:39
    error: mediagoblin/auth/views.py: patch does not apply

Alejandro's code gets a +1 from me.

[Christopher Allan Webber]

Merged!

[Elrond]

I have to reopen this.

::

    -  user['email'] = request.POST['email']
    +  user['email'] = request.POST['email'].lower()

The part before the @ is case sensitive. At least I'm 99% sure.
Most MTAs/MDAs don't care for it, that's right.
But AFAIK the standard says, it is case sensitive!
(And I even know unixy people, for which it is partly case
sensitive!)

[Christopher Allan Webber]

Man, this is so old and seems so easy to fix. Does anyone want to
do it?

[Aleksej]

I don't see what is important in this issue (user's convenience or
easy sock-puppets), so just a mention:
`user@example.com <mailto:user@example.com>`_ can be the same
account as `user+abc@example.com <mailto:user+abc@example.com>`_.

[Elrond]

1) Okay, I'm trying to take care of this. Should really be simple.
   I'll just lowercase everything after the first "@".

2) Aleksej Serdjukov: Could you please elaborate (possibly on irc)
   what you want to say with your statement?

[Will Kahn-Greene]

The original url for this bug was ​http://bugs.foocorp.net/issues/320 .

[Elrond]

Commit: 53280164e2ebb5856a6f25d14f27439855f99dbb