5.94 (and prev?): if double email, no email password recovery possible

Please report bugs and any annoyances here. Kindly include all possible details: steps to reproduce, expected result, actual result, screenshots, ... etc.
Post Reply
User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-01 08:53

Hi,

as we found here ( viewtopic.php?p=16331#p16312 ) if an email address is used for more than one account, this email address can not be used to reset a password: No password-reset mail is being sent.

This is a problem if those people loose their password.

Olaf

User avatar
a.gneady
Site Admin
Posts: 1145
Joined: 2012-09-27 14:46
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by a.gneady » 2021-02-06 10:43

Hi Olaf,

Hmm ... the ultimate fix for this issue is to prevent the same email address from being associated to more than one username. Allowing this in AppGini was admittedly a design mistake :roll:

So, I need your input on how to best fix this in future releases ... the best way in my opinion is to add a unique index on the membership_users.email field, and show an error during sign up (as well as when adding a user in the admin area) ... something like: "Another account is already using this email address. Try another email, or attempt to reset the password for this email".

However, for existing apps that, for whatever reason, have duplicate emails in membership_users table, this won't work .. in that case, the code for applying a unique index on the email field would fail, and in that case, the admin would see a warning message like "Some users of this app have duplicate email addresses. Please notify them to update their emails.", and this message would link to an admin page listing the users with duplicate emails, with maybe the ability to select all or some and send a notification, and the ability to edit the email address directly in that page.

This admin message would keep showing up to admin until there are no duplicate emails in membership_users.

Need your thoughts on this dear users :)
:idea: Calendar plugin: Organize your data into beautiful calendars.
:arrow: Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
:arrow: Summary Reports plugin: Build powerful reports and charts for your AppGini apps.
:arrow: Search Page Maker: Compose user-friendly yet powerful search pages for your AppGini apps.

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 968
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by jsetzer » 2021-02-06 11:07

My personal opinion:
Please stick to allowing an identical email address for multiple users (or make it configurable via config.php).
Please do not deny this option for backward-compatibility and for simplicity of testing notification and workflow during development

Those users can still use the change-password option in membership_profile.php.
Kind regards,
<js />

SkayyHH
Veteran Member
Posts: 294
Joined: 2015-04-27 21:18
Location: Germany

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by SkayyHH » 2021-02-06 18:54

I think the email address should be unique. If we then see that the (meaningful) request for a password function does not work, that should be changed.

I think it's good how ahmed suggested it.

However, I would do it so that the email address is not a mandatory field. on the one hand there is no email address confirm function, which would be necessary for a proper registration of new users and you can then omit the email address for testing.

If no email address is then stored, the request for a password function should not be shown for the user.

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-08 09:24

Hi Ahmed,

well, it's tricky as already discussed in the other thread.
When looking at AG, we see, that users do not sign in using their email addresses (at this time). Using the email address to sign in to your account is very often the case nowadays and as we can see, it's easy for the developers as we have unique identities in our applications.
You did go another path with AG. Allowing only unique usernames but email addresses are not unique is kind of the other way around. Well, why not, it's not good, it's not bad, it's just different.

Starting from the current point of view, I do not see a reason why email addresses should be unique. There can be multiple reasons to use the same email. As the useraccounts using the same email will probably be all the same person, this enables us to create useraccounts for different groups - but all accounts using the same email address. Example: user_normal (email: [email protected]), user_manager ([email protected]) and user_factoryhead ([email protected]). The person behind [email protected] might have reasons why to log into his account _normal, or _manager or _factoryhead. For this reason I do not think it's needed to have unique email addresses.
Also Jan made a point: Backwards compatibility. Well, as today everyone can create as many email address as needed, it should probably not be too hard to change this and create more addresses, but this may be a too personal point of view.

We can probably agree, that the user has to have unique credentials. As an emailaddress identifies a person (most likely), this seems to be a good way to identify people. At the same time it gives away some privacy as others can test if the emailaddress is already taken, and if, they do can be certain, the person has an account there already. This could possible lead to further security problems (I know, this is thinking big, but still worth mentioning).
As the username can be something random there is no such problem to be anticipated.

Unique emailaddresses would allow people to sign in using their email address. Unforteunately I again and again see people not knowing their login names, but usually they know their email address. This is one point to make email addresses unique (I believe).

Thinking about all this, I, at this time, would vote for letting the superadmin decide if email addresses should be unique. This could even be done setting a UNIQUE constraint in the database. For cases as Jan describes, the superadmin may not do this (or check email addresses first), for clean installations of in other cases this might be the way to go. IF emailaddresses are unique, it should be possible to use those (or the loginname) to sign into ones account.
Also: If someone requests a password reset by email, this is no problem for a system (maybe at this time for AG). Just check, if the email exists (select count(X) from membership_users where email = ....). If the emailaddress is found, send the password reset once. Done. At this time I simply see a little bug checking for the existence of the email address in the AG database.

Olaf

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-08 09:30

Hi,

I forgot: I requested unique IDs for the membership_users table already ( viewtopic.php?f=6&t=4138 ). In my opinion neither the email not username are so unique that they could be used in development. So, as we are talking about this table we may consider adding an autoincrement unqiue primary key ... ID

Olaf

pfrumkin
Veteran Member
Posts: 91
Joined: 2020-02-18 17:58
Location: Albuquerque, New Mexico USA

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by pfrumkin » 2021-02-08 14:03

Maybe this was suggested but I did not see it.

Can you make it a configurable setting under Security Settings on the App configuration page (default unchecked)? I imagine that checking the box just sets the email address to unique in the db. You would have to decide how to handle if checking the box after some time, allowing multiple accounts for the same email to be created.

~Paul

User avatar
baudwalker
Veteran Member
Posts: 148
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by baudwalker » 2021-02-16 21:51

Email addresses are a dime a dozen or even cheaper. There is absolutely no reason to have multiple users with the same email. But for those who think it is necessary to do so please make it configurable. Then for those who wish unique emails can the field be made unique. Therefor the configuration should be in the AppGini application and not in the Admin area.

Barry

SkayyHH
Veteran Member
Posts: 294
Joined: 2015-04-27 21:18
Location: Germany

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by SkayyHH » 2021-02-17 07:15

The email recovery function cannot work if there are multiple emails. But you can use emails multiple times. What's the point?

I wouldn't confuse the users of the generated app. Therefore please do not a switch to the admin of the generated app. This may be interesting for someone who uses the app for themselves or where users only use the frontend. But if we give the app on-premises to a customer who manages the admin himself, this switch will confuse him.

From my point of view, if absolutely necessary, make settings in the AppGini Windows app or prevent duplicate emails. From the customers point of view, it is not llogical to allow duplicate emails and kill the password recovery function with that.

For existing apps, it might be good if the generated app checks whether there are duplicate emails and then outputs a warning information when a user want his password recovered. If that's not already happening.

The same goes for strong passwords. Some would like a switch in the admin of the generated app to allow simple passwords. That doesn't make much sense to me. On the one hand, according to the data protection regulation, this is not even permitted for use by customers On Premises. As a software provider, you have to do everything to ensure that security is possible by default and cannot simply be eliminated. But otherwise such an option in the admin confuses a customer.

I would also like to have such an option only in the Windows app and not in the generated app.

I think AppGini always has to work for multiple purposes:

1.) For those who only need for themselves. It would be comfortable for him to have everything in the admin of the generated app.

2.) The person who operates the app in the cloud and his users only see the front end. It's okay for him to have everything in the admin of the generated app.

3.) Those who give the generated OnPremises app to their customers probably want the admin to be as simple, intuitive and error-free as possible. Probably not many use AppGini OnPremises. I have just decided on AppGini for this purpose, because AppGini is already intuitive, easy to update by the customer himself, and Appgini updates the database. For this purpose, however, there should not be any switches in the admin that could lower security or mke the email recovery function unusable.

And you can also create a user directly in the database for demo purposes (Admin: Admin and Demo: Demo). We don't need AppGini for that.

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-18 09:37

Hi SkyHH,

I would like to pick up one line from you. You are writing
The email recovery function cannot work if there are multiple emails.
but I think this is not correct: The email recovery function can work if there are multiple emails - the case, that it currently does not work must be a simple bug.

Olaf

SkayyHH
Veteran Member
Posts: 294
Joined: 2015-04-27 21:18
Location: Germany

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by SkayyHH » 2021-02-18 19:57

Hi Olaf,

I think it can not work with actual appgini. You can enter in the AppGini password recovery function an email to which the password will be sent.

If now 2 members have the same password - which of the two passwords should AppGini send? How is appgini supposed to know which one is the one you want?

For it to work, the complete login for the password recovery function would have to be entered. I.e. username and email and not just the email. And there would also have to be a check that this combination is not duplicated.

Or do i have a mistake in my thinking?

Many greetings, Kai

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-19 07:37

Hi,

I would interpret it differently:
If 2 people share/use the same email address, it's essentially only one person. So, as long, as AG sends a recovery link to that address (send only once - a simple SQL GROUP or LIMIT 1), the people with that address can recover their password.
There is no need to have enter LG and PW. If someone else enters only one thing, the user can still ignore the pw reset request.

Olaf

User avatar
baudwalker
Veteran Member
Posts: 148
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by baudwalker » 2021-02-22 00:40

Password retrieval with multiple users using the same email did not work back in 2015 and still does not work. So, I believe, it would be safe to say that it never worked

Barry

SkayyHH
Veteran Member
Posts: 294
Joined: 2015-04-27 21:18
Location: Germany

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by SkayyHH » 2021-02-22 21:04

Hi Olaf,

I have not yet understood this correctly.

For which of the two accounts in your example should the recover password link be, if appgini does not know the associated username?

For my understanding it can not work if several accounts use the same email address.

How is Appgini supposed to assign for which of the different accounts the password is requested?

Many greetings, Kai

User avatar
baudwalker
Veteran Member
Posts: 148
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by baudwalker » 2021-02-22 22:06

It does not replay at all

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-23 06:47

Hi,

the point is: AG should send and email if the address exists. It should not matter, how many of them there are, always ONE email should be send to the email address that was a recovery requested for.
Two different people can have the same email address and it does not matter. IF they share an email address, they probably share more things and they can also ask the other person "What was our password again". Or, one simply request a reset and does that request ... and should notify the other person.
The current situation, that AG does not send any reset-mail if the email address occurs more than once in the member table is definitely a bug.

Olaf

SkayyHH
Veteran Member
Posts: 294
Joined: 2015-04-27 21:18
Location: Germany

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by SkayyHH » 2021-02-23 17:28

I still don't understand how you mean it.

How is appgini supposed to know which account to send the password reset link for?

i.e.

UserAccount1
Username: Paul
Email: [email protected]

UserAccount2
Username: Henry
Email: [email protected]

Now is a request for a password reset by entering the email address [email protected] (without username).

AppGini does not know if UserAccount1 or UserAccount2 should be reset.

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-24 08:35

Hi,

why should AG need to know that? You provided a valid email address, and a mail should be send to [email protected]

Olaf

hgarbe
Veteran Member
Posts: 38
Joined: 2020-01-21 17:35

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by hgarbe » 2021-02-24 08:54

Hi,

I just use appgini for private projects, but in the context of this discussions I want to add same thoughts from my daily job experience in a big companys IT division. As using an email adress as login sounds tempting from a user perspective, I STRONGLY wouldn't want to see this in a future update as primary user ID. A name can change and so can an email adress. Simply e.g. someone got married. A persistent userid wouldn't.
Other point: GDPR. Users regardless of the kind (customer or employee) has a right to be technically forgotten vs. data retention policies.
You can keep an user id in logs etc. for this use case but are not allowed to store an email adress forever.
In a nutshell: I don't want to see that coming for appgini!
Maybe an intermediate way: why not make email an optional login way? Like login with unique ID or Email.

btw: which case besides testing reasons users in a productive env. share the same email?

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 858
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by onoehring » 2021-02-24 09:33

Hi hgarbe,

thank you for your opinion.
I agree, that email as PK is not a good idea, and I requested this as a feature ( viewtopic.php?f=6&t=4138 ).

Actually, a manager in company X might have another login with lower permissions to .. well ... test ;-) and thus may use the same email more than once.

Olaf

hgarbe
Veteran Member
Posts: 38
Joined: 2020-01-21 17:35

Re: 5.94 (and prev?): if double email, no email password recovery possible

Post by hgarbe » 2021-02-25 00:51

onoehring wrote:
2021-02-24 09:33
Hi hgarbe,

thank you for your opinion.
I agree, that email as PK is not a good idea, and I requested this as a feature ( viewtopic.php?f=6&t=4138 ).

Actually, a manager in company X might have another login with lower permissions to .. well ... test ;-) and thus may use the same email more than once.

Olaf
Hi Olaf,

absolutely support your request! Beside which format this unique ID then happens to be, it would help. Also would be an enabler to simply use the User table for lookups. And thinking about the Password Reset Bug/Issue: if i'd be the user to reset my password, I would expect that using an email resets all pw for associated users with that email. So I also would call this a bug rather than a feature :D


Post Reply