User name and email existence checks use zauth tables #3256
Comments
If a user who has never logged in since the upgrade asks for his email recovery, he gets the info that his email address is not available. Recovery not possible.
Actually, checking username and/or email address can (and probably should) only be done in the users table.
valid uname appears to be checked in both users repo and zauth mapping repo:
I just tried the situation and confirm the problem. My clone of 1.4.1 was working before upgrading. There is a user registered. If I now upgrade to 1.4.4rc2/3, I am able to create a new user with the same name but a new mail address. The registration was made as a guest and not as the admin. The registration process was completely successful and the new user is able to log in via email/password. Can I help with anything to test/analyse/log? I will keep this test environment running and do other tests in a new setup.
* validate UserEntity on registration. fixes #3256
* fixed recognition of existing user names
* added missing flashes
Expected behavior
A username (or an email address if unique emails are configured) may not be registered twice.
Actual behavior
User name and email address checking is done using the zauth authentication mapping and verification tables. But existing users are only migrated during their (next) login after ZAuth has been installed. Hence, it is possible to register using an already existing user name if the corresponding user is not contained in the zauth tables yet.
Steps to reproduce
Try to register using a user name which exists in the user table, but not in mapping table yet.
Proposal
Either enforce a migration of all users to the mapping and verification tables, or check user name and email address existence using the users table.
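The gap described in this issue, reproduced on a constructed database as an added example (not the project's code). The table names `users` and `auth_mapping`, their columns and the sample accounts are hypothetical stand-ins; the three functions contrast the reported check with the two proposals.

```python
import sqlite3

# Table and column names are hypothetical stand-ins, not the project's schema.
def make_db():
    """Constructed post-upgrade state: alice has not logged in since the
    upgrade, so she has a users row but no mapping row; bob has both."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT, email TEXT);
        CREATE TABLE auth_mapping (uid INTEGER, uname TEXT, email TEXT);
        INSERT INTO users VALUES (2, 'alice', 'alice@example.org');
        INSERT INTO users VALUES (3, 'bob', 'bob@example.org');
        INSERT INTO auth_mapping VALUES (3, 'bob', 'bob@example.org');
    """)
    return db

def taken(db, table, uname, email, unique_email):
    # `table` is one of two fixed literals passed below, never request input.
    sql = f"SELECT 1 FROM {table} WHERE uname = ?"
    params = [uname]
    if unique_email:
        sql += " OR email = ?"
        params.append(email)
    return db.execute(sql, params).fetchone() is not None

def available_mapping_only(db, uname, email, unique_email=True):
    """Reported behaviour: only the mapping table is consulted."""
    return not taken(db, "auth_mapping", uname, email, unique_email)

def available_users_table(db, uname, email, unique_email=True):
    """Second proposal: the users table decides; the mapping table is also
    checked so a name reserved there is still refused."""
    return not (taken(db, "users", uname, email, unique_email)
                or taken(db, "auth_mapping", uname, email, unique_email))

def unmigrated_users(db):
    """First proposal: the accounts a forced migration would have to cover."""
    rows = db.execute("""
        SELECT u.uname FROM users u
        LEFT JOIN auth_mapping m ON m.uid = u.uid
        WHERE m.uid IS NULL ORDER BY u.uname""").fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print(available_mapping_only(db, "alice", "new@example.org"))
    print(available_users_table(db, "alice", "new@example.org"))
    print(unmigrated_users(db))
```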