0010343: avoid accounts with identical email addresses - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0010343	mantisbt	email	public	2009-04-16 17:33	2013-01-11 16:30

Reporter	Wepl	Assigned To	atrol
Priority	normal	Severity	feature	Reproducibility	N/A
Status	closed	Resolution	duplicate
Product Version	1.2.0a3

Summary	0010343: avoid accounts with identical email addresses
Description	It would be nice to have a check during creating a user that the email address specified is not already used by any existing account. This would avoid misuse of the bugtracker. And also permit that a user registers accidentally. I think this should be a configurable option.
Tags	No tags attached.

djcarr 2009-04-16 21:55 reporter ~0021581	A dangerous idea, if you do implement it please make this optional and OFF by default. Three good reasons: I have my own account and also use the "administrator" account - both use my email address. When users depart I set their email address to a central address so I can monitor any subsequent activity on those accounts. We also have a couple of role-based accounts eg "FoobarManager" which has a email address that changes from user to user, but the users also have their own personal accounts.

giallu 2009-04-17 03:45 reporter ~0021582	djcarr, I see your own use cases, but I also need to mention your reasons (at least 1 and 2, I can't grok 3) looks a lot like workarounds for missing features in mantis. For sure, I don't see this idea as "dangerous" in any way...

Wepl 2009-04-17 06:08 reporter ~0021584 Last edited: 2009-04-17 06:08	The reason for the request is that I have users which were unhappy with the account name, and because they cannot change it himself, they created a second account. This is what I like to avoid. I would prefer they ask the admin to change their account name instead. djcarr: If you can create email addresses yourself like me, this is no problem because a seperate email address for each and let forward them... Also this option should only apply to new accounts. So existing accounts can still have the same email address.

djcarr 2009-04-19 19:04 reporter ~0021598 Last edited: 2009-04-19 19:21	To further explain reason 3: Accounts AdamA (adama@dummy.com), BertB (bertb@dummy.com), CharlieC (charliec@dummy.com). Account "FoobarManager". First it might have email adama@dummy.com, then six months later bertb@dummy.com, then 3 months later charliec@dummy.com. Thus the account exists as a "role" that is constant - you can always locate "FoobarManager" in Mantis without having to know which particular user is in that role at the time. I do agree that implementing missing features such as a "Users and Roles" system in Mantis would address all 3 of the reasons I gave, however that is a big undertaking and in the meantime I would not like to see this proposed "restriction" become the default. I did have the same problem as you Wepl with some users creating multiple accounts because they didn't like their name or didn't understand the email confirmation system. I approached this with more education, by putting more detailed instructions on the signup page and pointing out the link to the administrator email. My suggestion If creating an account will produce a duplicate email, pop up a "sudo" type login to approve the action, where the configured THRESHOLD could be MANAGER or ADMIN. If THRESHOLD = ALL, then there is no login prompt and the duplicate will be allowed. If THRESHOLD = NONE then the duplicate will always be disallowed. I believe this would address everyone's needs outlined so far in this issue...