feature request #7276

Make User.email a unique field.

Added by Andreas Müller almost 4 years ago. Updated 2 months ago.

Status: In Progress
Priority: New
Category: cdm
Target version:
Start date: 02/19/2018
Due date:
% Done: 10%
Severity: normal
Tags:

Description

Make User.email a unique field.

In the context of password recovery it also seems to be a requirement to make the email address unique in the UserAccount table.
In order to recover a password the user can usually either supply the login or email address.

NOTE: As long as #7275 is not implemented, or if it is rejected, it is NOT possible to implement this with the standard

@Column(unique = true)

as NULL values are duplicates otherwise.


Related issues

Blocked by Edit - feature request #7275: [DISCUSS] Require email address for Users In Progress 02/16/2018

Associated revisions

Revision b28a9050 (diff)
Added by Andreas Müller over 3 years ago

fix #7276 Make User.emailAddress a unique field

Revision 80cbc741 (diff)
Added by Andreas Müller over 3 years ago

ref #7276 revert "make User.email a unique field"

Revision 612548d6 (diff)
Added by Andreas Müller over 3 years ago

ref #7276 revert "make User.email a unique field"

History

#1 Updated by Andreas Müller almost 4 years ago

#2 Updated by Andreas Müller almost 4 years ago

This only makes sense if email is an obligatory field, which currently is not the case and probably also will not be the case in future.

#3 Updated by Andreas Müller over 3 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 50

#4 Updated by Andreas Müller over 3 years ago

  • Description updated (diff)
  • Status changed from Resolved to New

#5 Updated by Andreas Müller over 3 years ago

  • Status changed from New to Resolved

#6 Updated by Andreas Müller over 3 years ago

  • Status changed from Resolved to Feedback
  • Assignee changed from Andreas Müller to Andreas Kohlbecker

For now I suggest rejecting this feature request as long as NULL values are allowed (#7275).

We could only try to check programmatically if an email address already exists. Also we could try to write a validation rule NullOrUnique. But these solutions might be new tickets. What do you think?

#7 Updated by Andreas Kohlbecker over 3 years ago

  • Target version changed from CDM UML 5.0 to Release 5.1

#8 Updated by Andreas Müller over 3 years ago

  • Target version changed from Release 5.1 to CDM UML 5.5

#9 Updated by Andreas Müller over 2 years ago

  • Target version changed from CDM UML 5.5 to CDM UML 5.15

#10 Updated by Andreas Müller over 1 year ago

  • Target version changed from CDM UML 5.15 to CDM UML 5.29

#11 Updated by Andreas Müller 2 months ago

  • Status changed from Feedback to In Progress
  • Assignee changed from Andreas Kohlbecker to Andreas Müller
  • % Done changed from 50 to 10

AM:

Actually, I thought we could close it as rejected. But the topic of uniqueness is of course critical, since it has to be checked somehow, and that is of course done most safely at the DB level.
Otherwise, in the worst case, users can perform the recovery for another user, which is quite a security risk, or it does not work if an email address accidentally exists twice (which cannot be entirely ruled out, e.g. by accident during imports or the like).
We should probably implement your suggestion after all and, for users without an email, use an email address that contains the UUID and follows a clear pattern, e.g. 1a73da6c-c8f4-497a-9354-b7abb0587efe@noemail.com . Users with this email address cannot take part in the recovery. These addresses should also not be displayed in the editor; they should only be handled by the persistence layer.

AK:

Yes, the uniqueness is necessary.

As the top-level domain in the email template, however, we should use *.test; it is reserved for internal test purposes and is therefore clearly invalid, also for external services, should one of these email addresses ever leak to the outside.

so {user.uuid}@cybertaxonomy.test or ...@noemail.test - you decide!

#12 Updated by Andreas Müller 2 months ago

#13 Updated by Andreas Müller 2 months ago

#14 Updated by Andreas Müller 2 months ago

  • Tags set to phycobank
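
The placeholder scheme discussed in #11, as an added example that is not code from the CDM library: users without an address get `{uuid}@noemail.test` so the column can be unique, and the recovery lookup refuses placeholders and ambiguous matches. The class and method names are hypothetical, the in-memory map stands in for the UserAccount table, `noemail.test` is assumed from the two candidate domains, and rejecting user-supplied addresses in that domain is an added assumption.

```java
import java.util.*;

public class PlaceholderEmailDemo {
    // Assumption: "noemail.test", one of the two candidate domains named in the ticket.
    static final String SUFFIX = "@noemail.test";

    static String normalize(String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    // Value for the unique column: the real address, or the UUID placeholder if none is set.
    static String storedEmail(UUID userUuid, String email) {
        if (email == null || email.isBlank()) return userUuid + SUFFIX;
        String n = normalize(email);
        // Added check: user input must never land in the reserved placeholder domain.
        if (n.endsWith(SUFFIX)) throw new IllegalArgumentException("reserved domain");
        return n;
    }

    // Recovery target: present only when exactly one account holds this real address.
    static Optional<UUID> recoveryTarget(Map<UUID, String> accounts, String requested) {
        String n = normalize(requested);
        if (n.endsWith(SUFFIX)) return Optional.empty(); // placeholders never recover
        UUID hit = null;
        for (Map.Entry<UUID, String> e : accounts.entrySet()) {
            if (!e.getValue().equals(n)) continue;
            if (hit != null) return Optional.empty(); // duplicate row (e.g. import): refuse
            hit = e.getKey();
        }
        return Optional.ofNullable(hit);
    }

    public static void main(String[] args) {
        // Constructed sample accounts; the first UUID is the example quoted in the ticket.
        UUID a = UUID.fromString("1a73da6c-c8f4-497a-9354-b7abb0587efe");
        UUID b = UUID.randomUUID(), c = UUID.randomUUID();
        Map<UUID, String> accounts = new LinkedHashMap<>();
        accounts.put(a, storedEmail(a, null));
        accounts.put(b, storedEmail(b, " Alice@Example.org "));
        System.out.println("placeholder row: " + accounts.get(a));
        System.out.println("recover placeholder: " + recoveryTarget(accounts, accounts.get(a)));
        System.out.println("recover alice: " + recoveryTarget(accounts, "ALICE@example.org"));
        accounts.put(c, "alice@example.org"); // simulated duplicate, as from an import
        System.out.println("recover with duplicate: " + recoveryTarget(accounts, "alice@example.org"));
    }
}
```

The duplicate check in `recoveryTarget` is a second line of defence for rows that predate the constraint; the unique column remains the primary control. Requires Java 11 or later for `String.isBlank`.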
