Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

srs plugin bug: deleted user still cannot reuse email to register again

+2 votes
201 views
in Q2A Core by
edited by

I noticed a bug (intentional behavior?)

steps:

  • Create user with mail@gmail.com
  • delete user from admin panel (UI, not from DB)
  • now the user is no longer in qtoa_users table.
  • If you register again you get still email already used. 

the reason behind this is because even after deletion, the email still exists in _pupi_srs_standarized_emails table. If I delete it from there manually the email becomes available for new registration again...

For some reason, the only emails I see in that standarized_emails table are gmail accounts... I am guessing this has to do with a measure to prevent multiple accounts with gmail's ability to make aliases with dots and +?

Q2A version: 1.8.8

1 Answer

+1 vote
by

You have made a good analysis. In short, it is a very improbable use case, but unarguably possible. This is because the reason why you have deleted the user would most likely be present at the time the user wants to come back. How "improbable" this is can be measured by counting this unique case against all the real spam users the plugin has blocked. Anyway, no matter how I justify this behavior, it is possible that the user might need to register again.

Here are some workarounds in order of preference:

  1. For someone with your technical background, I would recommend just to delete the corresponding record from ^pupi_srs_standarized_emails
  2. Register with another (ideally non-gmail and non-outlook) email address and then edit it from the account settings
  3. Disable the plugin until the user registers
Rather than a bug, I'd say there is a feature missing. This could be solved by providing admins a way to browse the blocked emails and unblock them, which would execute the step 1 I mentioned above. I'm not sure if the value it adds justifies the development effort... but I will think about it. Thanks for the clear and detailed question (those are not quite common lately).
by
No! thank you for being one of the few active devs and members around here! Much appreciated :)

Yes, I agree with you it is very improbable in real life. My use-case was artificial, I created the account. Deleted it manually to re-test user creation and email delivery on a new server.

The cases in real life are

1- using the script from here https://www.question2answer.org/qa/95827/clean-up-unconfirmed-users?show=95827

2- Or a fictional story : some spammer used (/hacked) someone's gmail  account and registered an account, an admin deletes the q2a account, user recovers his email, then coincidentally the user wants to register later (but for real this time)

For now I can at least keep a list of "banned" emails (print of simple select query) accessible in the admin UI for "normal" admins at least if they get questions from members, they can ping sys admins to "unban" the email
by
+1
I think I've come up with a simpler approach: just an input to submit email addresses to delete. I guess in most of the cases there should be a few (most likely one) email addresses to unblock upon each client request. So no need to have a whole list to browse them.

Please, take a look at v1.5.0 (don't expect feedback to the user after the deletion, that would be too much :P)
by
+1
THANK YOU! This is more than enough. Just tested it out. Works fine. Thanks
Snow Theme by Q2A Market
Powered by Question2Answer
...