uniqueness for dbuser.email

Question

uniqueness for dbuser.email

abma opened this issue 5 years ago · comments

mail is no unique field: what happens when multiple results are returned? are all passwords reset?

silentwings · Answer 1 · Fri Dec 20 2019 03:20:24 GMT+0800 (China Standard Time)

the oldest user account found in the db with the specified email is used - https://github.com/spring/uberserver/blob/master/SQLUsers.py#L637

new user accounts must use unique emails https://github.com/spring/uberserver/blob/master/SQLUsers.py#L581

resetting all is probably a bad idea, we want to encourage one account per (non-bot) user

the email field existed basically unused for years, so who knows what's inside it.... imposing a uniqueness constraint inside the db could now only be done by direct access/modification.

abma · Answer 2 · Fri Dec 20 2019 04:39:13 GMT+0800 (China Standard Time)

ouch. this could be done much cleaner:

response = self.sess().query(User).filter(User.email == email).order_by(model.User.register_date)

(untested)

abma · Answer 3 · Fri Dec 20 2019 04:39:48 GMT+0800 (China Standard Time)

for uniqueness in db: poke me, i can change that

silentwings · Answer 4 · Fri Dec 20 2019 19:07:47 GMT+0800 (China Standard Time)

n2s: currently CREATEBOTACCOUNT allows a new bot account to share an email with the 'parent' non-bot account it copied pw/email; if we enforced db uniqueness, we would have to change this.

(as it stands currently, a consequence is that, bot accounts can only have pw reset requests sent by moderators)

silentwings · Answer 5 · Wed Feb 19 2020 05:08:01 GMT+0800 (China Standard Time)

@abma

email addresses must be (changed to be) either unique or equal to None, in particular the empty string "" which is currently used for many users will count as non-uniqueness
there might be all kinds wierdness inside the email field of older users

CREATEBOTACCOUNT now creates bots with email=None