Different users with same e-mail causes error on create repositories and user creation from register #8

Closed
opened 2025-11-02 03:03:14 -06:00 by GiteaMirror · 16 comments

Originally created by @joubertredrat on GitHub (Nov 2, 2016).

Originally assigned to: @lunny on GitHub.

  • Gogs version (or commit ref): 0.9.97.0901
  • Git version: 1.9.1
  • Operating system: Ubuntu 14.04.5 LTS x64
  • Database (use `[x]`): [ ] PostgreSQL, [x] MySQL, [ ] SQLite
  • Can you reproduce the bug at https://try.gogs.io: [x] Yes (https://try.gogs.io/user/activate?code=2016092109210001800019682194a3e5a3bfe65a90bcd11eb7a010eea972656472617432), [ ] No, [ ] Not relevant
  • Log gist: https://gist.github.com/joubertredrat/7792a5e54410795c8cca270f96a4efe2

Description

I identified 2 issues with different users having the same e-mail, one in my environment and the other on the demo.

On my Gogs instance I have one user provided by SMTP authentication with e-mail my@email. Today I created one local user with the same e-mail my@email. After this, both users can't create repositories, as shown in the gist above. Other users can create repositories without problems.

To see if I could reproduce the same problem, I tested on the Gogs demo: I created user redrat1 without problems. Then I created user redrat2 with the same email as redrat1. I received the email to activate the account, but if I try to enable user redrat2, it causes error 500.

Reference: https://github.com/gogits/gogs/issues/3681
GiteaMirror added the type/bug label 2025-11-02 03:03:14 -06:00

@strk commented on GitHub (Nov 3, 2016):

I think forbidding multiple users with same email could be a good idea, in general.

@joubertredrat commented on GitHub (Nov 3, 2016):

@strk Defining email as UNIQUE in the database and creating validation solves the problem

@lunny commented on GitHub (Nov 3, 2016):

Unique may not be a good idea, since there are users with the same email. It will result in gitea not being able to start.

@strk commented on GitHub (Nov 3, 2016):

@lunny that's a migration/upgrade problem, yes, but if we think same-email should not be allowed, it would be useful to start preventing that for future accounts at least. Of course it's also important for code to be tolerant to unexpected database states.

@lunny commented on GitHub (Nov 4, 2016):

If a user already has the same emails in the gitea/gogs database, when he upgrades gitea to the new version, it will report a migration error and will not start the service. In this situation, the user MUST change the users' emails in the database manually. That's not the situation we expect. So we have to resolve this before we add a unique tag on the email field.

@bkcsoft commented on GitHub (Nov 4, 2016):

> Defining email as UNIQUE in the database and creating validation solves the problem

Like @lunny says, I've seen people (and bugs related to) use the same email for several accounts so a migration would be necessary.

Proposed migration flow:

No Collisions

  • Currently at v0.9
  • Upgrade to v1.1.0 (current milestone for this issue)
  • Migration runs on start
  • No duplicate emails found, Gogs starts as usual

Collisions

  • Currently at v0.9
  • Upgrade to v1.1.0 (current milestone for this issue)
  • Migration runs on start
  • Duplicate emails found, Gogs fails migration and throws an Error

PREFERRED No Collisions

  • Currently at v0.9
  • Upgrade to v1.1.0 (current milestone for this issue)
  • Migration runs on start
  • ~No~ duplicate emails found, Gogs starts in Maintenance-mode, requiring Admins for login. Everything locked down except for settings.

Preferred way required Maintenance-mode (which hasn't been requested but would be nice :trollface: )
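
The duplicate check that the migration flow proposed above depends on, as an added example that is not part of the original thread and not Gogs or Gitea code. The `User` type, the start-mode names, and the sample rows are hypothetical; comparing addresses case-insensitively is an assumption made here because a UNIQUE index under a case-insensitive collation would also collide on case-only differences.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// User is a hypothetical stand-in for one row of the user table.
type User struct{ Name, Email string }

// Hypothetical start modes, following the flow proposed in the thread.
const (
	StartNormal      = "normal"      // no collisions: the UNIQUE constraint can be added
	StartMaintenance = "maintenance" // collisions: admins must resolve them first
)

// sampleUsers is constructed data, not taken from a real instance.
var sampleUsers = []User{
	{"redrat1", "redrat@example.com"},
	{"redrat2", " Redrat@Example.com"},
	{"other", "other@example.com"},
}

// DuplicateEmails maps each normalized address shared by two or more accounts to their sorted names.
func DuplicateEmails(users []User) map[string][]string {
	byEmail := make(map[string][]string)
	for _, u := range users {
		// Assumption: addresses are compared trimmed and lower-cased.
		key := strings.ToLower(strings.TrimSpace(u.Email))
		byEmail[key] = append(byEmail[key], u.Name)
	}
	for email, names := range byEmail {
		if len(names) < 2 {
			delete(byEmail, email) // deleting during range is safe in Go
		}
		sort.Strings(names)
	}
	return byEmail
}

// PlanMigration picks the start mode and returns the collisions an admin has to fix.
func PlanMigration(users []User) (string, map[string][]string) {
	if dups := DuplicateEmails(users); len(dups) > 0 {
		return StartMaintenance, dups
	}
	return StartNormal, nil
}

func main() { fmt.Println(PlanMigration(sampleUsers)) }
```

Running the check before the schema change lets the service report which accounts collide instead of failing on the constraint itself.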

@strk commented on GitHub (Nov 7, 2016):

@bkcsoft you mean `Duplicate emails found` in the last bullet, right?

I think we should go there incrementally, and the first step is preventing the registration of users with the same email as other users. From the original report in this ticket there is an attempt in code to prevent that (see how second user could not register with same email) but evidently not all code paths do check for that occurrence.

@bkcsoft commented on GitHub (Dec 12, 2016):

@strk Correct. Changed the text now 😆

Indeed it should be done incrementally, could you have a look at that? 🙂

@richmahn commented on GitHub (Dec 14, 2016):

Any work been done on this? We are needing to fix the problem as we have many people signing up through the API and they sometimes use the same email address, forgetting they are already in our system but with a different username.

@lunny commented on GitHub (Dec 15, 2016):

We may fix this in 1.1. We would like to require that email be unique, so that every user has to use a different email. Maybe you can ask your guys to change their email address?

@strk commented on GitHub (Dec 15, 2016):

Richard, are you able to provide a patch or pay someone to do so ?

@richmahn commented on GitHub (Dec 15, 2016):

@strk: We work on Gogs as a company, but mainly our own customizations (click on my above issue I made for our developers to see our repo, which is tailored for content editing and content linking/scrubbing/etc. rather than coding), but do try to do what we can for upstream (gitea), so if we tackle the issue I made, we will do it for upstream.

@lunny: Every time the 500 error comes up, we finally (hopefully more quickly now than before) realize it is this bug and have to make a quick email change. I guess we need to somehow search for the email address from the app/api before signing someone up for now.

@simonszu commented on GitHub (Feb 8, 2017):

I have noticed a similar behaviour which is somehow related to the duplicate-email-issue.
I have set up a fresh instance of gitea without migrating from gogits. I have created two users with different email addresses but changed one user's mail address to the other's after that.

The result is an Error 500 every time one of these users tries to log in. However, the session starts up fine, and if you manually navigate to the logged in user's dashboard, it seems to work - until you go and view the commit history of a repo or single file and try to view an older commit. There you get an Error 500 as well which is not workaroundable.

So I think a unique flag for email addresses and enforcing it at registration or in the user control panel would be the best solution.

@lunny commented on GitHub (Feb 17, 2017):

@simonszu which version have you installed?

@simonszu commented on GitHub (Feb 20, 2017):

@lunny I am a bit surprised that my installation does not report any version number, but a commit hash. It is Version: 6aacf4d. I installed it around February 6th, 2017.

@lunny commented on GitHub (Feb 20, 2017):

Yes. That's v1.0.1. I will fix this issue these days.

Reference: github-starred/gitea#8