signebedi / libreforms-fastapi

FastAPI implementation of the libreForms spec
GNU Affero General Public License v3.0

Should service accounts require unique emails? #308

Open signebedi opened 2 weeks ago

signebedi commented 2 weeks ago

Currently, User.email does not require uniqueness:

https://github.com/signebedi/libreforms-fastapi/blob/1686443093b3fbf9b28a663b5b237e840abb71ad/libreforms_fastapi/utils/sqlalchemy_models.py#L113-L116

Currently, the uniqueness check is done when registering users in the usual way, but admin user creation need not do so when a service account is being created. However, this may disrupt key assumptions in signebedi/sqlalchemy_signing that users will have a unique email.
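
The gap described in the comment above, as an added example that is not part of the original issue or the project's code: an application-level email check on the registration path does not cover a second creation path, while a database-level `UNIQUE` constraint does. The table layout, function names and sample addresses are assumptions made for illustration, and the standard-library `sqlite3` module stands in for the project's SQLAlchemy models.

```python
import sqlite3

# Hypothetical minimal schema; the project's real User model has more columns.
SCHEMA = ("CREATE TABLE user (id INTEGER PRIMARY KEY, "
          "username TEXT UNIQUE, email TEXT{email_constraint})")

def make_db(unique_email: bool) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA.format(email_constraint=" UNIQUE" if unique_email else ""))
    return conn

def register_user(conn, username, email):
    """Self-registration path: uniqueness is enforced only in application code."""
    if conn.execute("SELECT 1 FROM user WHERE email = ?", (email,)).fetchone():
        raise ValueError("email already registered")
    conn.execute("INSERT INTO user (username, email) VALUES (?, ?)", (username, email))

def admin_create_user(conn, username, email):
    """Admin path (e.g. a service account): no application-level email check."""
    conn.execute("INSERT INTO user (username, email) VALUES (?, ?)", (username, email))

def users_for_email(conn, email):
    """What a consumer that assumes one user per email would actually get back."""
    rows = conn.execute(
        "SELECT username FROM user WHERE email = ? ORDER BY id", (email,))
    return [r[0] for r in rows]

def demo():
    results = {}
    # Constructed sample data. Case 1: no UNIQUE constraint on email.
    conn = make_db(unique_email=False)
    register_user(conn, "alice", "ops@example.com")
    admin_create_user(conn, "svc-backup", "ops@example.com")
    results["without_constraint"] = users_for_email(conn, "ops@example.com")
    # Case 2: the database enforces uniqueness on every creation path.
    conn = make_db(unique_email=True)
    register_user(conn, "alice", "ops@example.com")
    try:
        admin_create_user(conn, "svc-backup", "ops@example.com")
        results["with_constraint"] = "accepted"
    except sqlite3.IntegrityError:
        results["with_constraint"] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```
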

signebedi commented 2 weeks ago

An intermixed issue is whether service account API tokens should be set to rotate every 365 days like the others. This is largely a question of customer need and risk tolerance.