DB authentication allows duplicate email addresses?

DB authentication allows duplicate email addresses?

by Christos Savva -
Number of replies: 2

Hello Moodlers

We are investigating the possiblity of allowing authentication to our Moodle using external DB.

Based on our tests it seems that Moodles does not prevent the creation of accounts when there is a duplicated email address.

If for example I already have a user in Moodle, registered manually with email xxx@email.com, and I add another user to the external DB with the same email xxx@email.com Moodle will not give an error.

The new user will be added to the mdl_users tables just fine.

The same will happen if I have 2 users in the external DB with the same email but different username, lets say

username1, xxx@email.com

username2,xxx@email.com


I found an old forum post about this here but there are no solutions or explanation.

Is this a bug, or it is like this by design?


Kind regards

Christos


Average of ratings: Useful (1)
In reply to Christos Savva

Re: DB authentication allows duplicate email addresses?

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

I'm going to guess it's by design but the Allow accounts with same email option is confusing. The authentication plugins delegate the responsibility of populating user fields to the authentication service in question — an external database in this instance — trusting it to manage these fields. So one could control whether there are duplicate email addresses in the external database, e.g. using a unique database column constraint.

What's confusing is the wording "Allow accounts with same email" as what it actually seems to control is:

  • Whether you can set duplicate addresses when adding or updating users via the Moodle web interface.
  • Whether you can have duplicate addresses when adding or updating users via the CSV upload functionality (regardless of whether the user authentication plugin allows it).

It would perhaps make sense if this option applied to users managed by authentication plugins too. You could add a Tracker issue if this is causing an issue.

Average of ratings: Useful (1)
In reply to Leon Stringer

Re: DB authentication allows duplicate email addresses?

by Christos Savva -

Hi Leon, thank you for taking the time to reply smile

I agree that the External database should be responsible of managing user accounts, ie prevent duplicate email addresses, I just wanted to clarify this so that we plan the steps ahead.

Thank you for your time smile

Average of ratings: -