Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Empty email addresses must not be canonicalized #2

Open
dpoon opened this issue Jun 15, 2016 · 1 comment
Open

Empty email addresses must not be canonicalized #2

dpoon opened this issue Jun 15, 2016 · 1 comment

Comments

@dpoon
Copy link

dpoon commented Jun 15, 2016

Email addresses are optional. Very bad things happen if we treat all users who have no email address as the same user.

Example:

  1. $RT::Config::ValidateUserEmailAddresses is enabled (as per default)
  2. There exists user "A" whose EmailAddress is empty.
  3. There exists user "B" whose EmailAddress is '[email protected]'.
  4. User A is merged into User B.

Suppose RT::Interface::Web::AttemptExternalAuth() calls

$UserObj->Create(Name => ..., Gecos => ...);

The call will fail, since the call gets canonicalized to

$UserObj->Create(
    Name => ..., Gecos => ...,
    EmailAddress => '[email protected]'
);

and RT::User::ValidateUserEmailAddress() will reject it with an "Email address in use" error.
@dpoon dpoon mentioned this issue Jun 15, 2016
Open
@dpoon
Copy link
Author

dpoon commented Jun 21, 2016

Bug report also filed as https://rt.cpan.org/Ticket/Display.html?id=115494

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dpoon