Skip Menu |
 

This queue is for tickets about the RT-Extension-MergeUsers CPAN distribution.

Report information
The Basics
Id: 115494
Status: new
Priority: 0/
Queue: RT-Extension-MergeUsers

People
Owner: Nobody in particular
Requestors: DEREKP [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.02_01
Fixed in: (no value)



Subject: Empty email addresses must not be canonicalized
Download (untitled) / with headers
text/plain 817b
(This bug has also been filed as https://github.com/bestpractical/rt-extension-mergeusers/issues/2) Email addresses are optional. Very bad things happen if we treat all users who have no email address as the same user. Example: 1. $RT::Config::ValidateUserEmailAddresses is enabled (as per default) 2. There exists user "A" whose EmailAddress is empty. 3. There exists user "B" whose EmailAddress is 'b@example.org'. 4. User A is merged into User B. Suppose RT::Interface::Web::AttemptExternalAuth() calls $UserObj->Create(Name => ..., Gecos => ...); The call will fail, since the call gets canonicalized to $UserObj->Create( Name => ..., Gecos => ..., EmailAddress => 'b@example.org' ); and RT::User::ValidateUserEmailAddress() will reject it with an "Email address in use" error.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.