Closed abma closed 4 years ago
the oldest user account found in the db with the specified email is used - https://github.com/spring/uberserver/blob/master/SQLUsers.py#L637
new user accounts must use unique emails https://github.com/spring/uberserver/blob/master/SQLUsers.py#L581
resetting all is probably a bad idea, we want to encourage one account per (non-bot) user
the email field existed basically unused for years, so who knows what's inside it.... imposing a uniqueness constraint inside the db could now only be done by direct access/modification.
ouch. this could be done much cleaner:
response = self.sess().query(User).filter(User.email == email).order_by(model.User.register_date)
(untested)
for uniqueness in db: poke me, i can change that
n2s: currently CREATEBOTACCOUNT allows a new bot account to share an email with the 'parent' non-bot account it copied pw/email; if we enforced db uniqueness, we would have to change this.
(as it stands currently, a consequence is that, bot accounts can only have pw reset requests sent by moderators)
@abma
CREATEBOTACCOUNT now creates bots with email=None
mail is no unique field: what happens when multiple results are returned? are all passwords reset?