Closed rlacroix closed 5 years ago
Please gods no, There is no legitimate reason for multiple users to have the same email.
I would actually consider the fact there is a security check here to make sure that multiple abusive users do not use the same email to mega-spam my website without having to do the work of also making sure a legitimate email for every user they create exists to be a good thing that helps security.
Please do not add this feature, or you will make this less secure.
@duaneking got it right.
As it obviously seems you use email address as username for a user in your system.
By definition, username is:
an identification used by a person with access to a computer, network, or online service."
Thus it MUST be unique for each user (in order to identify him).
So, you cannot have multiples users with the same username (in your case - email).
See OWASP Authentication Cheat Sheet for more information regarding this approach.
So @rlacroix that is the reason, its for security and making sure people actually own the email they claim they do.
This defect should be closed as WONTFIX, Not A Bug, imho.
Is there any reason why I cannot have multiple users with the same email address? I noticed in
unique_username_validator
the docstring says""" Username must be unique. This validator may NOT be customized."""
.I was thinking I could extend the registration form to use a different validator, but wanted to know if that is violating this warning.
I'm on v1.0
Thanks!