Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent new username from using existing user email address #17070

Closed
Starker3 opened this issue Jan 11, 2021 · 4 comments · Fixed by #17296
Closed

Prevent new username from using existing user email address #17070

Starker3 opened this issue Jan 11, 2021 · 4 comments · Fixed by #17296
Assignees
@flamisz
Labels
Bug For errors / faults / flaws / inconsistencies etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
Milestone
4.5.0

Comments

@Starker3
Copy link
Contributor

It seems that when creating a new user, it's possible to set the username to an existing user email address which will then cause the existing user to not be able to log in.

For example, a super user with username admin and email address of admin@example.com creates a new user with email user@example.com and accidentally sets the new username to admin@example.com

This prevents the super user from being able to log in to their account using their email address.

image
@Findus23
Copy link
Member

Not sure if it wouldn't even be enough to not allow any E-Mails as usernames as it could confuse users.

@Starker3
Copy link
Contributor Author

No, we wouldn't want prevent users from using emails as usernames.

Basically implement the same check we currently do for existing usernames, but for existing emails as well specifically for the username.

So we'd do a check of the new username against existing usernames & emails.

@sgiehl
Copy link
Member

sgiehl commented Jan 11, 2021

So we'd do a check of the new username against existing usernames & emails.

We should do the check vise versa as well, so no one can enter a email address that matches an already existing username

@tsteur tsteur added Bug For errors / faults / flaws / inconsistencies etc. c: APIs For bugs and features in the Matomo HTTP and plugin APIs. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. and removed c: APIs For bugs and features in the Matomo HTTP and plugin APIs. labels Jan 11, 2021
@tsteur tsteur added this to the 4.4.0 milestone Jan 11, 2021
@65Q2M89mBVP53sCK
Copy link

Just my 50 cents...

A better option would be to allow new users with already existing email addresses.

Example:
We have some accounts for administration and maintenance that have the same email address.

How do we create users at the moment:
We create such a user with a "unique" email address. Then we change the e-mail address in the database (which is set for several users).

@flamisz flamisz self-assigned this Mar 3, 2021
@flamisz flamisz mentioned this issue Mar 3, 2021
Merged
9 tasks
@mattab mattab modified the milestones: 4.7.0, 4.5.0 Aug 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@flamisz flamisz

Labels
Bug For errors / faults / flaws / inconsistencies etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement.
Projects
None yet
Milestone
4.5.0
Development

Successfully merging a pull request may close this issue.

Check usernames and emails against each other on user create and update matomo-org/matomo
7 participants
@tsteur @mattab @sgiehl @Findus23 @flamisz @Starker3 @65Q2M89mBVP53sCK