Registration email can be sent out more than once within the initial 24 hour period

Bug #692614 reported by Stacey Walker
This bug affects 1 person
Affects: Mahara
Status: Fix Released
Importance: Low
Assigned to: Ruslan Kabalin

Bug Description

A user can register, and be sent emails, multiple times with the same details prior to completing the registration process from the link sent. There are multiple records in usr_registration with only the sequential id differing.

Perhaps we need to check for a unique email in here and offer some notification to the user that the email has already been used?

However, there is also the issue that if this initial email wasn't received, it might not be easy for the user to wait 24 hours until it clears from the database to try again, or to get hold of a sysadmin to delete the record manually so they can do so without hassle. So there might be extra requirements around this, or this might be the reason it currently allows for multiple records.

Tags: registration
Stacey Walker (stacey)
Changed in mahara:
milestone: 1.4.0 → 1.3.4
Stacey Walker (stacey) wrote :

I have just tested this between 1.4.0dev and 1.3.4dev and it is happening the same in both.

Changed in mahara:
milestone: 1.3.4 → 1.4.0
François Marier (fmarier) wrote :

Interesting. Are the multiple emails causing a problem or is it just an annoyance?

Changed in mahara:
status: New → Confirmed
Stacey Walker (stacey) wrote :

As far as I can tell from quick testing, it's not going to let a user do anything they shouldn't be allowed to, i.e., create two accounts with exactly the same username, email where they should be unique.

But it could result in a bit of confusion if a user thought that maybe their account wasn't being created properly and kept registering etc.

Changed in mahara:
importance: Medium → Low
Ruslan Kabalin (rkabalin) wrote :

Just to keep all relevant information here, the issue was discussed on the forum as well: http://mahara.org/interaction/forum/topic.php?id=2630#post11526

Ruslan Kabalin (rkabalin) wrote :

> Are the multiple emails causing a problem or is it just an annoyance?

As Sergio suggested on the forum, it is possible though to create two users with the same email by registering twice using different links and specifying different usernames. I see two possible solutions:

1. Leave multiple registration records in usr_registration as they are, but check during registration key processing that a user with the same email does not exist in the usr table.
2. At registration, ensure that only one record for a given email exists (e.g. on each subsequent registration attempt, the record with the same email is updated with a new key and all the data).
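
The two options listed above can be combined. The following is an added sketch, not Mahara's code and not part of the original comment, using Python's sqlite3. Only the table names usr_registration and usr come from the thread; the column names, the `register`/`confirm` helpers and the lower-casing of emails are assumptions.

```python
import secrets
import sqlite3
import time

EXPIRY_SECONDS = 24 * 60 * 60  # the 24 hour window mentioned in the report

def open_db():
    db = sqlite3.connect(":memory:")
    # Column names are assumed; only the two table names appear in the thread.
    db.executescript("""
        CREATE TABLE usr (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT);
        CREATE TABLE usr_registration (
            id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE,
            username TEXT NOT NULL, regkey TEXT NOT NULL, expiry INTEGER NOT NULL);
    """)
    return db

def register(db, email, username, now=None):
    """Option 2: one pending row per email; a repeat attempt rotates the key."""
    now = int(time.time()) if now is None else now
    email = email.strip().lower()  # assumed normalisation so case variants collide
    key = secrets.token_urlsafe(16)
    db.execute(
        """INSERT INTO usr_registration (email, username, regkey, expiry)
           VALUES (?, ?, ?, ?)
           ON CONFLICT(email) DO UPDATE SET username = excluded.username,
               regkey = excluded.regkey, expiry = excluded.expiry""",
        (email, username, key, now + EXPIRY_SECONDS))
    return key  # the earlier link for this email no longer matches any row

def confirm(db, key, now=None):
    """Option 1: at key processing, refuse if usr already holds this email."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT email, username FROM usr_registration"
        " WHERE regkey = ? AND expiry > ?", (key, now)).fetchone()
    if row is None:
        return "invalid-or-expired"
    email, username = row
    taken = db.execute(
        "SELECT 1 FROM usr WHERE lower(email) = ?", (email,)).fetchone()
    if taken:
        return "email-already-registered"
    db.execute("INSERT INTO usr (username, email) VALUES (?, ?)", (username, email))
    db.execute("DELETE FROM usr_registration WHERE email = ?", (email,))
    return "created"
```

Because a repeat registration replaces the stored key, a user who never received the first email can simply register again without waiting for the record to expire.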

Richard Mansfield (richard-mansfield) wrote :

Ruslan, both solutions sound good to me. I think I have a slight preference for 2 just because it avoids the error screen.

I really wish Mahara had enforced uniqueness of email addresses in the user table right from the start.

Changed in mahara:
assignee: nobody → Ruslan Kabalin (ruslan-kabalin)
Ruslan Kabalin (rkabalin) wrote :

I have filed a separate bug #693790 that reflects the original problem.

Changed in mahara:
status: Confirmed → Fix Committed
Ruslan Kabalin (rkabalin) wrote :

Do you want me to update stable branches (1.2, 1.3) with this fix?

François Marier (fmarier) wrote :

1.2 is now pretty much only for security fixes, so I wouldn't worry about that one.

In terms of 1.3, I'm not sure how important this is. I mean it's bad that we get duplicate emails but it has always been the case (i.e. not a regression) and while it's easy to do when you know how to do it, it's not so easy to do by mistake.

And I would tend to be conservative in changing the registration code on the stable branch because it could introduce bugs that could be worse. What do you think?

Ruslan Kabalin (rkabalin) wrote :

OK, let us be on the safe side and leave this fix for master only.

Changed in mahara:
status: Fix Committed → Fix Released