Canonical SSO provider

Wrong error when adding an invalidated email

Bug #1132981 reported by Leo Arias on 2013-02-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical SSO provider	Invalid	Low	Unassigned

Bug Description

When I'm adding an email to my account that was invalidated, I get an error saying:

"Email already associated with account."

That's true, but misleading. It would be better if we display the same message that appears when I try to log in with the invalidated email:

"This email address has been invalidated. Please contact login support."

And may I add that this message is incomplete. It would be better to say something like:
"This email address has been invalidated. Please double-check that it's yours, and then contact login support."

To reproduce:
Log in.
Go to https://login.ubuntu.com/+emails
add an email
Go to the inbox and click the invalidate link.
Log in again.
Go to https://login.ubuntu.com/+emails
Add the same email.

Tags:

Revision history for this message

Leo Arias (elopio) wrote on 2013-02-25:

Screenshot from 2013-02-25 14:37:52.png Edit (26.7 KiB, image/jpg)

Leo Arias (elopio) on 2013-02-25

Changed in canonical-identity-provider:
status:	Confirmed → New

Revision history for this message

Michael Foord (mfoord) wrote on 2013-02-26:

The intention is that if *someone else* should *be able* to add an email to their account that has been invalidated on another account (otherwise you can prevent someone from using their own email address). This has not yet been implemented - so the current "problem" is expected behaviour until the right behaviour is put in place.

I think this is the situation you are talking about anyway. (Or are you talking about re-adding an invalidated email address - which shouldn't be possible and could almost certainly have a better error message.)

Revision history for this message

Michael Foord (mfoord) wrote on 2013-02-26:

Ah, looking at your *actual* error report you're talking about re-adding an invalidated email address to the same account. In which case I agree the error could be clearer. Sorry for the noise.

Revision history for this message

Ricardo Kirkner (ricardokirkner) wrote on 2013-02-26: Re: [Bug 1132981] [NEW] Wrong error when adding an invalidated email

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/25/2013 05:41 PM, Leo Arias wrote:
> Public bug reported:
>
> When I'm adding an email to my account that was invalidated, I get
> an error saying:
>
> "Email already associated with account."
>
> That's true, but misleading. It would be better if we display the
> same message that appears when I try to log in with the invalidated
> email:
>
> "This email address has been invalidated. Please contact login
> support."
>
> And may I add that this message is incomplete. It would be better
> to say something like: "This email address has been invalidated.
> Please double-check that it's yours, and then contact login
> support."
>
> To reproduce: Log in. Go to https://login.ubuntu.com/+emails add an
> email Go to the inbox and click the invalidate link. Log in again.
> Go to https://login.ubuntu.com/+emails Add the same email.

Maybe the problem is that the invalidated email is not being
displayed? What if we display the invalidated email, but don't allow
to operate on it? Would that improve things? If I add an email that I
see is already present, I wouldn't be confused by the current error
message.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlEsxjMACgkQaHF+Qaymu6eUfACgnYyF+1qSORa3fdH5dDTlFFjN
Hp0AoJcpPq+cdNvUFVvMFhNK5HluXBX/
=rltm
-----END PGP SIGNATURE-----

kamil (gogolczyk2) on 2014-12-30

Changed in canonical-identity-provider:
assignee:	Canonical ISD hackers (canonical-isd-hackers) → kamil (gogolczyk2)
status:	New → Incomplete
tags:	added: u1- removed: u1-on-production
Changed in canonical-identity-provider:
assignee:	kamil (gogolczyk2) → nobody