@Starker3 opened this Issue on January 11th 2021

It seems that when creating a new user, it's possible to set the username to an existing user email address which will then cause the existing user to not be able to log in.

For example, a super user with username admin and email address of admin@example.com creates a new user with email user@example.com and accidentally sets the new username to admin@example.com

This prevents the super user from being able to log in to their account using their email address.

image

@Findus23 commented on January 11th 2021 Member

Not sure if it wouldn't even be enough to not allow any E-Mails as usernames as it could confuse users.

@Starker3 commented on January 11th 2021

No, we wouldn't want prevent users from using emails as usernames.

Basically implement the same check we currently do for existing usernames, but for existing emails as well specifically for the username.

So we'd do a check of the new username against existing usernames & emails.

@sgiehl commented on January 11th 2021 Member

So we'd do a check of the new username against existing usernames & emails.

We should do the check vise versa as well, so no one can enter a email address that matches an already existing username

@65Q2M89mBVP53sCK commented on January 21st 2021

Just my 50 cents...

A better option would be to allow new users with already existing email addresses.

Example:
We have some accounts for administration and maintenance that have the same email address.

How do we create users at the moment:
We create such a user with a "unique" email address. Then we change the e-mail address in the database (which is set for several users).

This Issue was closed on March 16th 2021
Powered by GitHub Issue Mirror