feature request #7276

open

Make User.email a unique field.

Added by Andreas Müller about 6 years ago. Updated over 2 years ago.

Status: In Progress
Priority: New
Category: cdm
Target version:
Start date:
Due date:
% Done: 10%
Estimated time:
Severity: normal
Tags:

Description

Make User.email a unique field.

In the context of password recovery it seems also a requirement to make the email address unique in the UserAccount table.
In order to recover a password the user can usually either supply the login or email address.

NOTE: As long as #7275 is not implemented or if it is rejected it is NOT possible to implement by standard

@Column(unique = true)

as NULL values are duplicates otherwise.


Related issues

Related to EDIT - bug #10461: Duplicate user name not handled correctly during registration (Closed, Andreas Müller)
Blocked by EDIT - feature request #7275: [DISCUSS] Require email address for Users (In Progress, Andreas Müller)
Actions #1

Updated by Andreas Müller about 6 years ago

Actions #2

Updated by Andreas Müller about 6 years ago

This only makes sense if email is an obligatory field, which currently is not the case and probably also will not be the case in future.

Actions #3

Updated by Andreas Müller almost 6 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 50
Actions #4

Updated by Andreas Müller almost 6 years ago

  • Description updated (diff)
  • Status changed from Resolved to New
Actions #5

Updated by Andreas Müller almost 6 years ago

  • Status changed from New to Resolved
Actions #6

Updated by Andreas Müller almost 6 years ago

  • Status changed from Resolved to Feedback
  • Assignee changed from Andreas Müller to Andreas Kohlbecker

For now I suggest to reject this feature request as long as NULL values are allowed (#7275).

We could only try to check programmatically if an email address already exists. Also we could try to write a validation rule NullOrUnique. But these solutions might be new tickets. What do you think?

Actions #7

Updated by Andreas Kohlbecker almost 6 years ago

  • Target version changed from CDM UML 5.0 to Release 5.1
Actions #8

Updated by Andreas Müller almost 6 years ago

  • Target version changed from Release 5.1 to CDM UML 5.5
Actions #9

Updated by Andreas Müller almost 5 years ago

  • Target version changed from CDM UML 5.5 to CDM UML 5.15
Actions #10

Updated by Andreas Müller over 3 years ago

  • Target version changed from CDM UML 5.15 to CDM UML 5.43
Actions #11

Updated by Andreas Müller over 2 years ago

  • Status changed from Feedback to In Progress
  • Assignee changed from Andreas Kohlbecker to Andreas Müller
  • % Done changed from 50 to 10

AM:

Actually, I thought we could close it as rejected. But the topic of uniqueness is of course critical, as it has to be checked somehow, and that is of course done most safely at the DB level.
Otherwise, in the worst case, users can perform the recovery for another user, so quite a security risk, or it does not work if a mail address accidentally exists twice (which cannot be entirely ruled out, e.g. by accident during imports).
Presumably we should implement your suggestion after all and, for users without an email, use an email address that contains the UUID and follows a clear pattern, e.g. 1a73da6c-c8f4-497a-9354-b7abb0587efe@noemail.com . Users with this mail address cannot take part in the recovery. These addresses should also not be shown in the editor; they should only be handled by the persistence layer.

AK:

Yes, the uniqueness is necessary.

As the top-level domain in the email template, however, we should use *.test; it is reserved for internal testing purposes and is therefore unambiguously invalid, also for external services, should one of these mail addresses ever leak to the outside.

So {user.uuid}@cybertaxonomy.test or ...@noemail.test - you decide!
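
Added example (not part of the ticket and not code from the CDM project): a sketch of the scheme discussed in the comment above, using Python with an in-memory SQLite database. The table layout, function names and the choice of `noemail.test` as placeholder domain are assumptions; it shows uniqueness enforced by the database, placeholder addresses for users without email, and a recovery lookup that refuses placeholder or ambiguous matches.

```python
import sqlite3
import uuid

# Assumption: "<uuid>@noemail.test", one of the two patterns proposed in the ticket.
PLACEHOLDER_DOMAIN = "noemail.test"

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical table. email is NOT NULL and UNIQUE, so the database itself
    # rejects duplicates; NOCASE makes "A@x.org" and "a@x.org" collide.
    db.execute("""CREATE TABLE user_account (
        uuid     TEXT PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        email    TEXT NOT NULL COLLATE NOCASE UNIQUE)""")
    return db

def is_placeholder(email):
    return email.strip().lower().endswith("@" + PLACEHOLDER_DOMAIN)

def add_user(db, username, email=None):
    user_uuid = str(uuid.uuid4())
    if email is None:
        # No address supplied: store a unique, undeliverable placeholder.
        email = f"{user_uuid}@{PLACEHOLDER_DOMAIN}"
    elif is_placeholder(email):
        # Only the persistence layer may create placeholder addresses.
        raise ValueError("placeholder domain is reserved")
    db.execute("INSERT INTO user_account VALUES (?, ?, ?)",
               (user_uuid, username, email.strip()))
    return user_uuid

def recovery_target(db, login_or_email):
    """Return (uuid, email) to send a recovery mail to, or None."""
    rows = db.execute(
        "SELECT uuid, email FROM user_account WHERE username = ? OR email = ?",
        (login_or_email, login_or_email)).fetchall()
    if len(rows) != 1:
        return None  # unknown, or ambiguous (a username equal to another user's email)
    user_uuid, email = rows[0]
    # Users holding a placeholder address cannot take part in recovery.
    return None if is_placeholder(email) else (user_uuid, email)

if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "alice@example.org")  # constructed sample data
    add_user(db, "bob")                         # user without email
    print(recovery_target(db, "alice"), recovery_target(db, "bob"))
```
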

Actions #12

Updated by Andreas Müller over 2 years ago

Actions #13

Updated by Andreas Müller over 2 years ago

Actions #14

Updated by Andreas Müller over 2 years ago

  • Tags set to phycobank
Actions #15

Updated by Andreas Müller about 2 months ago

  • Related to bug #10461: Duplicate user name not handled correctly during registration added