Mahara

Uniqueness of email addresses not enforced in artefact_internal_profile_email

Bug #903494 reported by François Marier on 2011-12-13

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Triaged	Low	Unassigned

Bug Description

The uniqueness of email addresses is not enforced by the database in the artefact_internal_profile_email table.

We should consider adding a unique constraint on that column because elsewhere we prevent users from adding an email address already claimed by another user.

Tags:

Revision history for this message

François Marier (fmarier) wrote on 2011-12-13:

#1

Note: this is not a straightforward task. It requires investigating how we use this table in order to determine whether or not we should be changing this.

Revision history for this message

Robert Lyon (robertl-9) wrote on 2013-11-15:

#2

Still no unique constraint on the email field.

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2013-11-17:

#3

Which email address field is that? I thought that the user could not add another email address that is already in use through the interface?

We do get duplicate email addresses when an external authentication method is used or a user is imported via Leap2A.

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2013-11-21:

#4

Hi Kristina,

The field artefact_internal_profile_email.email is the database column where email artefacts get stored. If there are legitimate reasons for more than one user to have the same email address, then we should *not* put a uniqueness constraint on that column.

(A note for future developers looking at this: emails are also redundantly stored in the usr.email column. The email there is the user's "primary email address", which Mahara uses when it needs to send then an email. The other email addresses are mostly just for displaying in Contact Info & Profile blocks.)

Cheers,
Aaron

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2013-11-24:

#5

The only reason why two users would have the same email address is when a Leap2A import is made or if the same user is added a second time through an external authentication method. In both cases it would be better I think if the system alerted the admin to the fact so that a duplicate account could be avoided. With the interactive import of a Leap2A file, a user doesn't have to create a new account anymore to get their content into Mahara, but content can be imported directly into an existing portfolio. And when a user tries to set up a new account with the same email through an external auth method, it would be good to alert as well because then rather than having two accounts (or more) and getting confused which one to use, the admin would be able to set up the proper auth method for the one account the user should be having.

Since a user can discern which content to make available to whom, two accounts or more shouldn't be necessary.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.