Multiple Users Able to Register with the Same Username[Feature]: #823

Closed
divyanshahlawat opened this issue May 10, 2024 · 12 comments

@divyanshahlawat

divyanshahlawat commented May 10, 2024

I have identified a potential security vulnerability within our application's user registration system. It appears that the system allows multiple users to register with the same username, which poses significant risks to data integrity and user account security.

To address this security concern, I recommend the following actions:

- Implement server-side validation to enforce uniqueness constraints on usernames during the registration process.
- Enhance error handling to provide clear feedback to users when attempting to register with a username that is already in use.
- Perform thorough testing to ensure that the fix is effective and does not introduce any regressions.

@digitomize please assign this issue to me under GSSOC.


Hello @divyanshahlawat! 🌟
Thanks a bunch for creating an issue. Your input is invaluable, and we're eager to collaborate with you to address the matter. Keep up the fantastic work!

Don't forget to hit the ⭐ star button 😉

Tip

Don't forget to check our Contributing Guidelines, PR Guidelines and Issue Guidelines for more details.


@divyanshahlawat
Author

@digitomize please assign this issue to me under GSSOC.

@pranshugupta54
Member

pranshugupta54 commented May 11, 2024

Hey @divyanshahlawat, can you create 2 users with the same username and different emails? I think we already have this restriction. Please let me know the emails, to check if they have the same username. (You can connect on Discord for this.)

@amit429

amit429 commented May 14, 2024

Hey @pranshugupta54, I have checked this issue and yes, you are able to create any number of accounts with the same username and different email IDs. I would like to implement the unique username module, which first checks for the username in the DB and then gives an error about username uniqueness. Can you please assign me this issue?

@pranshugupta54
Member

@amit429, you created 3 dummy accounts but all of them have different usernames. 🤔

@pranshugupta54
Member

We never allot the same username to multiple accounts - if the user used the same username during signup, then we just generate a random username. We should instead show an error message saying that the username is not available. We can make a separate API for the username check - whenever the user writes inside the input box, we'll make a call to the server to check if it's available and then show it directly.

We would require you guys to first set up the project locally, and then we'll assign it.


This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

@KoushikBaagh

Separate API for username check

#823

Hey @pranshugupta54, I think I can make a separate API for backend calling. PLEASE assign me this issue.

@pranshugupta54
Member

@KoushikBaagh, we can surely make it. Make a separate issue for it - to add a username check with backend API calling but make sure that we don't have too many calls with it.

pranshugupta54 closed this as not planned (won't fix, can't repro, duplicate, stale) on Jun 4, 2024

@KoushikBaagh

@pranshugupta54 Please check issue number #1007.
I have created a new issue.
Please assign me to that!

@samyak112

@pranshugupta54 I was just reading this thread and saw you talking about making minimum API calls regarding the username check.

Do you think anyone who is implementing this feature should also keep in mind that they are not querying the whole database to find any instance of the name that the user searched for? Or is that not a concern right now?

If that is something worth worrying about, I do have some ideas to reduce that with some overhead.
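
Added example, not part of the thread or the project's code: a sketch of the behaviour discussed above, where registration rejects a taken username instead of renaming it, and a separate availability check is throttled per client and answered from a keyed lookup rather than a scan. The class, method names, username pattern and limits are hypothetical, and the `Map` stands in for a database unique index on the normalized username.

```javascript
// Hypothetical helper: usernames compare case-insensitively after normalization.
const normalize = (name) => name.normalize("NFKC").trim().toLowerCase();

class UsernameRegistry {
  constructor({ maxChecks = 5, windowMs = 10000 } = {}) {
    this.byUsername = new Map(); // stand-in for a unique index (keyed lookup, no scan)
    this.checks = new Map();     // clientId -> timestamps of recent availability checks
    this.maxChecks = maxChecks;
    this.windowMs = windowMs;
  }

  // Registration is the authoritative check: reject, never rename silently.
  // With a real database, rely on the unique index and map its duplicate-key
  // error to the same 409, so two concurrent sign-ups cannot both succeed.
  register(username, email) {
    const key = normalize(username);
    if (!/^[a-z0-9_]{3,20}$/.test(key)) {
      return { ok: false, status: 400, error: "Invalid username" };
    }
    if (this.byUsername.has(key)) {
      return { ok: false, status: 409, error: "Username is not available" };
    }
    this.byUsername.set(key, { username: key, email });
    return { ok: true, status: 201, username: key };
  }

  // Availability hint for the sign-up form. Throttled per client so the
  // endpoint is not called on every keystroke or used to list usernames in bulk.
  checkAvailable(username, clientId, now = Date.now()) {
    const recent = (this.checks.get(clientId) || []).filter(
      (t) => now - t < this.windowMs
    );
    if (recent.length >= this.maxChecks) {
      this.checks.set(clientId, recent);
      return { status: 429, error: "Too many checks, retry later" };
    }
    recent.push(now);
    this.checks.set(clientId, recent);
    return { status: 200, available: !this.byUsername.has(normalize(username)) };
  }
}

// Constructed sample run: the second sign-up differs only in case and spacing.
const registry = new UsernameRegistry({ maxChecks: 2, windowMs: 1000 });
const first = registry.register("Alice_01", "a@example.test");
const second = registry.register("alice_01 ", "b@example.test");
console.log(first.status, second.status, second.error);
```

The availability result is only a hint for the form; the `register` path still has to reject duplicates, because a name can be taken between the check and the submit.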
