https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292013-01-15T09:14:23ZRedmineRedmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=443392013-01-15T09:14:23ZDaniel Felix
<ul></ul><p>Well some kind of check is good, but if the database use some database driver which is transaction save, there shouldn't be some kind of duplicate.</p>
<p>Anyway, a check if the username/mail is available would be good.</p> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=443402013-01-15T09:14:32ZDaniel Felix
<ul><li><strong>Category</strong> set to <i>Accounts / authentication</i></li></ul> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=444212013-01-15T17:44:52ZHolger Just
<ul></ul><p>Daniel Felix wrote:</p>
<blockquote>
<p>Well some kind of check is good, but if the database use some database driver which is transaction save, there shouldn't be some kind of duplicate.</p>
</blockquote>
<p>Well, no. Only the DBMS itself can ensure uniqueness constraints, at least with the transaction level typically used. And if there are no constraints defined, they will not be ensured naturally.</p> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=444222013-01-15T17:55:53ZEtienne Massip
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Target version</strong> set to <i>Candidate for next minor release</i></li></ul><p>Indeed, the unique indexes are necessary (this is even documented in AR).</p> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=444232013-01-15T17:56:09ZEtienne Massip
<ul><li><strong>Target version</strong> changed from <i>Candidate for next minor release</i> to <i>Candidate for next major release</i></li></ul> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=444252013-01-15T18:45:26ZDaniel Felix
<ul></ul><p>Holger Just wrote:</p>
<blockquote>
<p>Well, no. Only the DBMS itself can ensure uniqueness constraints, at least with the transaction level typically used.</p>
</blockquote>
<p>I know Holger, but I think this was some kind of misunderstanding.<br />With database driver I meaned things like InnoDB (transaction save) and MyIsam (not save, but faster), well it would be better if I called them database engines instead of drivers.</p>
<p>Well even a constraint in the db won't help if the database engine has no transaction support. ;-)</p>
<p>But anyway... beside this... I totally agree with you. This should be handled by some constraint, but there should be still some indicator if this username or mail is already in use before sending the registration to redmine. Just in case of the user friendliness.</p> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=444272013-01-15T19:08:57ZEtienne Massip
<ul></ul><p>Daniel Felix wrote:</p>
<blockquote>
<p>Holger Just wrote:</p>
<blockquote>
<p>Well, no. Only the DBMS itself can ensure uniqueness constraints, at least with the transaction level typically used.</p>
</blockquote>
<p>I know Holger, but I think this was some kind of misunderstanding.<br />With database driver I meaned things like InnoDB (transaction save) and MyIsam (not save, but faster), well it would be better if I called them database engines instead of drivers.</p>
<p>Well even a constraint in the db won't help if the database engine has no transaction support. ;-)</p>
</blockquote>
<p>Please see <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Defect: Adding multiple times the same related issue relation is possible (Closed)" href="https://www.redmine.org/issues/9685">#9685</a> and <a href="http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html#method-i-validates_uniqueness_of" class="external">AR#validates_uniqueness_of</a>.</p>
<p>My concern is more about the Users table storing Groups which have no mail...</p> Redmine - Defect #5976: Uniqueness of User model fields is not checked sufficiently https://www.redmine.org/issues/5976?journal_id=445932013-01-16T18:39:03ZEtienne Massip
<ul></ul><p>Allowing a mail adress to be used for different users is often asked for so I don't think it would be a great idea to add a unique index here; about the login there's no MTI in RoR and neither sqlite, mysql or postgresql support unique indexes without considering null values.</p>
<p>So we could either have a table per class (will require more work in more code locations) or fill the login column with the name of the Group (Anonymous type has only one record).</p>