View Issue Details

IDProjectCategoryView StatusLast Update
0008685mantisbtsignuppublic2016-04-17 08:10
Reportergarethrandall Assigned To 
Status acknowledgedResolutionopen 
Product Version1.1.0 
Summary0008685: New users aren't warned that another user account has identical e-mail address.

In large corporate environments, users sometimes register once, then forget they have done so and later register another account with the same e-mail address. This leads to duplicate, unwanted accounts on the system.

I recommend that Mantis should warn users when they try to register another account with the same e-mail address, or, at the administrator's option, refuse to register such a duplicate account at all.

TagsNo tags attached.


related to 0009093 closedvboctor Add a configuration option to enforce email uniqueness 




2007-12-20 12:09

manager   ~0016480

I removed the following from your description, since it should be a reported as a separate bug:

"Note that Mantis does refuse to allow two users to specify the same "Real Name" (Application Error #807). However, by this point, the duplicate accounts have already been created."

Ideally I would like to see the banning of multiple accounts with the same email. However, we will have to take into considerations upgrades from previous versions which allowed that. Following are some options to help solve this issue:

  1. Provide a better account pruning algorithm - currently we prune accounts that have signed up and never signed up (after 7 days). We can provide a pruning algorithm that prunes accounts that have registered, logged in, but never taken any actions (i.e. reported bugs, notes, monitored issues - specially ones that are not closed, etc).

  2. Provide a way to merge two accounts. This is the ability for an admin to attribute the actions of one account to another and remove the un-used account.

  3. Provide the admin with a utility script that identifies user names with duplicate email addresses. Also that provides a summary of the activity of such user names (e.g. number of logins, number of reported issues, number of handled issues, number of notes, monitored issues, last login, etc). This will help the admin to decide what to do about such accounts.

However, blocking creation of such accounts with duplicate emails is an easy step that makes a lot of sense. I just don't think that we need an option to allow it.




2007-12-21 06:49

reporter   ~0016495

Yes, I'd favour a complete ban on registering duplicate accounts with the same e-mail address. That's one use for the "I've forgotten my password" option.

However, ensuring a consistent upgrade path for current users is important. My view is that anything already in the database can stay, and the ban only applies to new logins being registered. This means that existing users are not disrupted.

In terms of your suggestions:

  1. An extra category of "accounts that have done no actions" might be useful. You could leave the administrator to make their own decisions on what to do with them, without worrying about the pruning logic yourself.

  2. Merge accounts - useful when a user leaves a company. It's good to be able to delete the user account (not just disable) without leaving "unknown user" as the owner of all previous actions. This could be a feature request in itself.

  3. Spot duplicate e-mail addresses. Useful, and presumably straightforward to implement with the right SQL.

In terms of a page showing the number of logins, actions etc, this would be useful as a generic page, and simple to generate. I'm trying not to go off-topic, as this would be valuable as yet another feature request :-)