[MAGNOLIA-1731] Properly prevent creation of duplicate users Created: 07/Sep/07 Updated: 04/Nov/15 Resolved: 04/Nov/15 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | core, security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major |
| Reporter: | Magnolia International | Assignee: | Sameer Charles |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Date of First Response: | |||||||||
| Description |
|
To discuss / confirm :
|
| Comments |
| Comment by Magnolia International [ 15/Jun/11 ] |
|
info.magnolia.cms.security.DelegatingUserManager#createUser could also check with its delegate if the user already exists. Not covered by this issue's description or the above comment: creating a user via admincentral,or the public-user-registration module or the openid module: they tap directly into a "sub" user manager. This is usually not a huge deal, except for login-related issues: since the jaas config is currently independant from the user managers configuration, we have no guarantee they are in the same order (meaning a user logging in with name "johndoe" might be a different account than that returned by SecuritySupport.getUserManager().getUser("johndoe")) Possible API changes:
|
| Comment by Michael Mühlebach [ 04/Nov/15 ] |
|
Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes. |