|Subject:||Empty email addresses must not be canonicalized|
(This bug has also been filed asEmail addresses are optional. Very bad things happen if we treat all users who have no email address as the same user. Example: 1. $RT::Config::ValidateUserEmailAddresses is enabled (as per default) 2. There exists user "A" whose EmailAddress is empty. 3. There exists user "B" whose EmailAddress is 'firstname.lastname@example.org'. 4. User A is merged into User B. Suppose RT::Interface::Web::AttemptExternalAuth() calls $UserObj->Create(Name => ..., Gecos => ...); The call will fail, since the call gets canonicalized to $UserObj->Create( Name => ..., Gecos => ..., EmailAddress => 'email@example.com' ); and RT::User::ValidateUserEmailAddress() will reject it with an "Email address in use" error.