Flagsmith / flagsmith

Open Source Feature Flagging and Remote Config Service. Host on-prem or use our hosted version at https://flagsmith.com/
BSD 3-Clause "New" or "Revised" License

Duplicate user issue when using social auth #4185

Closed sentry-io[bot] closed 3 months ago

sentry-io[bot] commented 3 months ago

Sentry Issue: FLAGSMITH-API-4Q3

FFAdminUser.MultipleObjectsReturned: get() returned more than one FFAdminUser -- it returned 2!
(13 additional frame(s) were not displayed)
...
  File "custom_auth/views.py", line 42, in post
    serializer.is_valid(raise_exception=True)
  File "users/models.py", line 93, in get_by_natural_key
    return self.get(email__iexact=email)

It seems as though it is possible to create duplicate (when evaluated case insensitively) email addresses in the database by authenticating first with email and password.

Based on the example, it seems that the steps to reproduce this issue are:

  1. Register (using email and password) with an email address using all lower case e.g. billy.the.kid@gmail.com
  2. Register (using Google) with the same email address but with certain characters capitalised, e.g. Billy.The.Kid@gmail.com

khvn26 commented 3 months ago

I guess CIEmailField is not an option given the continued Oracle support?

matthewelwell commented 3 months ago

> I guess CIEmailField is not an option given the continued Oracle support?

Correct.
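
The failure reported in this issue, reproduced outside Django with SQLite as an added example (not Flagsmith code and not the project's fix): a case-sensitive UNIQUE column accepts both registrations, the case-insensitive lookup then finds two rows, and a unique index on the lower-cased email rejects the second one. The table, index and function names are hypothetical.

```python
import sqlite3

def make_db(case_insensitive_unique: bool) -> sqlite3.Connection:
    """Hypothetical users table; email carries the usual case-sensitive UNIQUE."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " email TEXT NOT NULL UNIQUE, source TEXT)")
    if case_insensitive_unique:
        # Expression index: uniqueness is enforced on the lower-cased value.
        db.execute("CREATE UNIQUE INDEX users_email_ci ON users (lower(email))")
    return db

def register(db, email, source) -> bool:
    """Insert a user; return False if the database rejects it as a duplicate."""
    try:
        with db:
            db.execute("INSERT INTO users (email, source) VALUES (?, ?)",
                       (email, source))
        return True
    except sqlite3.IntegrityError:
        return False

def get_by_natural_key(db, email):
    """Mimics get(email__iexact=email): exactly one row, otherwise an error."""
    rows = db.execute("SELECT id, email FROM users"
                      " WHERE lower(email) = lower(?)", (email,)).fetchall()
    if len(rows) != 1:
        raise LookupError(f"expected 1 user, found {len(rows)}")
    return rows[0]

def find_ci_duplicates(db):
    """Audit query: emails that collide when compared case-insensitively."""
    return db.execute("SELECT lower(email), COUNT(*) FROM users"
                      " GROUP BY lower(email) HAVING COUNT(*) > 1").fetchall()

def replay(db):
    """The two registrations from the issue's reproduction steps, in order."""
    return [register(db, "billy.the.kid@gmail.com", "password"),
            register(db, "Billy.The.Kid@gmail.com", "google")]

if __name__ == "__main__":
    for hardened in (False, True):
        db = make_db(hardened)
        print("ci-unique index:", hardened, "| accepted:", replay(db),
              "| collisions:", find_ci_duplicates(db))
```

`find_ci_duplicates` is the query to run against existing data before adding such a constraint, since the index cannot be created while colliding rows exist.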