Several components allow logging in with email + password while User.email is not unique

stevenbal commented 6 days ago

Product versie / Product version

latest

Omschrijf het probleem / Describe the bug

I noticed that several components support the UserModelEmailBackend, even though email is not a unique attribute of the User model. This leads to errors if you try to login with an email that is used by one or more users

[x] Open Notificaties https://github.com/open-zaak/open-notificaties/pull/169
[x] Objects https://github.com/maykinmedia/objects-api/pull/422
[x] Objecttypes https://github.com/maykinmedia/objecttypes-api/pull/120
[x] Open Klant https://github.com/maykinmedia/open-klant/pull/199

Stappen om te reproduceren / Steps to reproduce

Create two users with the same email foo@bar.nl
Log in with foo@bar.nl and a password
Observe the error

Verwacht gedrag / Expected behavior

Since Open Zaak and Referentielijsten have a constraint on this, I would expect this to be used in the other components as well https://github.com/open-zaak/open-zaak/blob/72e9025f1f924d1ffcd5ab6f83df58e3696f622b/src/openzaak/accounts/models.py#L50-L54

joeribekker commented 2 days ago

Please also check if this is an issue in default project.

Coperh commented 2 days ago

Copy pasta

maykinmedia / open-api-framework

Several components allow logging in with email + password while User.email is not unique #39

Product versie / Product version

Omschrijf het probleem / Describe the bug

Stappen om te reproduceren / Steps to reproduce

Verwacht gedrag / Expected behavior