- Ensure the short code is unique among all short codes that have not yet expired.
- Allow protecting the signup controller against duplicate external email addresses, and duplicate source IP addresses.
Details
- Reviewers
machniak - Group Reviewers
Restricted Project
None
Diff Detail
- Repository
- rK kolab
- Branch
- master
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 37439 Build 15017: arc lint + arc unit
Event Timeline
src/app/SignupCode.php | ||
---|---|---|
107 | Doesn't this check mean that if you accidentally generate a collision with an expired code it's reused? |
src/app/Rules/ExternalEmail.php | ||
---|---|---|
46 | Perhaps add a comment that this is the same message on purpose, otherwise we're bound to "fix" this. |
src/app/Rules/ExternalEmail.php | ||
---|---|---|
41 | ExternalEmail rule is also used to validate group (distlist) members. And is not, but actually should be used to validate user external email. So, doing the signup related checks here is not right. |
src/app/Rules/ExternalEmail.php | ||
---|---|---|
41 | Then where should they be? | |
46 | This is apparently moving anyway. | |
src/app/SignupCode.php | ||
107 | No, but it at least prevents this; MariaDB [kolabdev]> select count(*) as count, short_code from signup_codes where expires_at > NOW() group by short_code order by count desc limit 0,10; +-------+------------+ | count | short_code | +-------+------------+ | 3 | ***** | | 3 | ***** | | 3 | ***** | | 2 | ***** | (...) 10 rows in set (0.077 sec) |
src/app/SignupCode.php | ||
---|---|---|
107 | To me this code reads like:
Maybe it's okay to reuse expired shortcodes because they're about to be purged anyways? In either case you shouldn't end up with duplicates, so at best this is an optimization (that may or may not be necessary) and at worst it's masking an error in the uniqueness guarantee. |