- Ensure the short code is unique among all short codes that have not yet expired.
- Allow protecting the signup controller against duplicate external email addresses, and duplicate source IP addresses.
- Group Reviewers
Doesn't this check mean that if you accidentally generate a collision with an expired code it's reused?
ExternalEmail rule is also used to validate group (distlist) members. And is not, but actually should be used to validate user external email. So, doing the signup related checks here is not right.
Then where should they be?
This is apparently moving anyway.
No, but it at least prevents this;
MariaDB [kolabdev]> select count(*) as count, short_code from signup_codes where expires_at > NOW() group by short_code order by count desc limit 0,10; +-------+------------+ | count | short_code | +-------+------------+ | 3 | ***** | | 3 | ***** | | 3 | ***** | | 2 | ***** | (...) 10 rows in set (0.077 sec)
To me this code reads like:
Maybe it's okay to reuse expired shortcodes because they're about to be purged anyways? In either case you shouldn't end up with duplicates, so at best this is an optimization (that may or may not be necessary) and at worst it's masking an error in the uniqueness guarantee.