lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.
http://flask-user.readthedocs.io/
MIT License

Allowing Multiple Users per Email #255

Closed rlacroix closed 5 years ago

rlacroix commented 5 years ago

Is there any reason why I cannot have multiple users with the same email address? I noticed in unique_username_validator the docstring says """ Username must be unique. This validator may NOT be customized.""".

I was thinking I could extend the registration form to use a different validator, but wanted to know if that is violating this warning.

I'm on v1.0

Thanks!

duaneking commented 5 years ago

Please gods no. There is no legitimate reason for multiple users to have the same email.

I would actually consider the fact there is a security check here to make sure that multiple abusive users do not use the same email to mega-spam my website without having to do the work of also making sure a legitimate email for every user they create exists to be a good thing that helps security.

Please do not add this feature, or you will make this less secure.

gryphon2411 commented 5 years ago

@duaneking got it right.

As it obviously seems, you use the email address as the username for a user in your system.

By definition, username is:

"an identification used by a person with access to a computer, network, or online service."

Thus it MUST be unique for each user (in order to identify him).

So, you cannot have multiple users with the same username (in your case - email).

See OWASP Authentication Cheat Sheet for more information regarding this approach.

duaneking commented 5 years ago

So @rlacroix that is the reason, it's for security and making sure people actually own the email they claim they do.

This defect should be closed as WONTFIX, Not A Bug, imho.