LEAP2 import does not check if the new user email is already used in Mahara
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| Mahara |
Medium
|
Unassigned |
Bug Description
When importing a LEAP2 zip into a 1.5 Mahara site (latest 1.5.0dev from git) and if the new user email is already known, importation proceeds normally but the mahara site then starts to fail in various places (search friends, see groups members) ...
Errors reported in httpd error_log are :
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] [WAR] a9 (lib/errors.
ahara/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] Call stack (most recent first):, referer: http://
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * log_message(
at /var/www/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * log_warn(
mahara.
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * SQLException-
at /var/www/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * get_record_
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * get_record("usr", "email", "<email address hidden>") at /var/www/
cs/local/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * local_remote_
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * remote_
mahara/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * profile_
woo/mahara/
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * Dwoo_Plugin_
k/maharadata/
It is also impossible to delete that user under site administration since getting that user data fails with the above error...
To return site to 'normal operation' one has to go to table usr and manually edit the new user email to an unique value
Cheers.
Edit : I did not tested it yet, but I do hope that this behaviour does not occur also in importing users from a CSV file ;-)
description: | updated |
description: | updated |
tags: |
added: leap2a removed: leap2 unicity |
Changed in mahara: | |
status: | New → Triaged |
importance: | Undecided → Medium |
milestone: | none → 1.5.0 |
Patrick Pollet (pp-c) wrote : | #2 |
Hi Francois,
> In the meantime you should just avoid relying on uniqueness in your custom code
Yes I just noticed that all these errors were triggered in my custom code to fetch user's avatar from our local gravatar server
that can use either email or student number... My fault ;-)
[Thu Jan 26 10:22:19 2012] [error] [client 134.214.152.108] * get_record("usr", "email", "<email address hidden>") at /var/www/
I fixed it.
Nevertheless I noticed that there is a language string 'emailalreadytaken' that is used in various places as follow :
[root@vm107-04 mahara]# grep -Rin emailalreadytaken *
admin/users/
artefact/
artefact/
auth/internal/
local/ldap/
maharadata/
maharadata/
register.php:387: $form->
So there are some provisions, but not everywhere for this uniqueness , at least when an user is manully added to Mahara , but apparently not when he is 'imported' from CSV of LEAP2A
Cheers
Hi Patrick,
You're right, sometimes the application does try to stop duplicate emails, but doing that with Leap2a imports would require bigger changes, so I'm going to remove the 1.5 milestone from this bug.
It's annoying because the current method is to create the user, then subsequently parse the Leap2a file and fill in all the user's profile fields - it's a bit nasty having to throw a duplicate email error at that stage, and then delete the newly created user afterwards. This approach probably wouldn't play nicely with the bulk Leap2a imports anyway.
It'd be easier to require the admin to supply an email along with the Leap2a file in the same way that they have to supply a username, but that requires a couple of UI changes, and I'm not sure it's worth it until we've worked out how we're going to remove duplicate emails from existing sites.
R.
Changed in mahara: | |
milestone: | 1.5.0 → none |
status: | Triaged → Confirmed |
Changed in mahara: | |
milestone: | none → 1.6.0 |
Changed in mahara: | |
assignee: | nobody → Son Nguyen (ngson2000) |
Changed in mahara: | |
milestone: | 1.6.0 → none |
Changed in mahara: | |
assignee: | Son Nguyen (ngson2000) → nobody |
Son Nguyen (ngson2000) wrote : | #4 |
I think an interactive UI importing for a bulk of users needs to be implemented. This will help admins to remove duplicate email addresses.
Aaron Wells (u-aaronw) wrote : | #5 |
Hi Son,
Do you mean an interactive UI for bulk-importing LEAP2A files? Because you can already bulk-import users using the "add users by CSV" page.
Cheers,
Aaron
Kristina Hoeppner (kris-hoeppner) wrote : | #6 |
The problem is not the manual creation of users or by CSV but when a Leap2A file is imported or an external auth is used. When an admin uploads a Leap2A file, the DB doesn't check if the email address already exists in the system. Nor are email addresses checked when SAML or MNet are connected.
An admin interface alone would not solve the problem because an admin is not involved when a user connects via SAML forgetting that thy already have an account just with a different auth method.
Hi Patrick,
Unfortunately uniqueness of email addresses is not enforced at the db level yet. We may look at fixing that in future, but first I think we'd need to do a bit of work around how to upgrade old databases. In the meantime you should just avoid relying on uniqueness in your custom code.
If you find any core code relying on uniqueness of emails (you mentioned search friends, and see groups members), let us know in another bug report, and we'll fix it for 1.5.
See also https:/ /bugs.launchpad .net/mahara/ +bug/903494, https:/ /bugs.launchpad .net/mahara/ +bug/907903