Details
-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.0.X, 7.1.X, Master
-
Fix Version/s: 7.0.0 DXP FP79, 7.0.10.11 DXP SP11, 7.0.X, 7.1.3 CE GA4, 7.1.10 DXP FP10, 7.1.10.2 SP2, 7.1.X, Master
-
Component/s: User Management
-
Branch Version/s:7.1.x, 7.0.x
-
Backported to Branch:Committed
-
Story Points:1
-
Fix Priority:4
-
Git Pull Request:
Description
Reproduction steps:
- Configure Liferay to authenticate users based on their screen name
company.security.auth.type=screenName
- Set up Liferay with LDAP
- Create a user in LDAP with e-mail address "test@liferay.com"
- Log in to Liferay with the created user
Experienced behavior: The login fails as a user already exists with the e-mail address test@liferay.com, however, the userId that is logged is incorrect
com.liferay.portal.kernel.exception.UserEmailAddressException$MustNotBeDuplicate: Email address ejnye@ja.hu must not be duplicate but is already used by user 78048 at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLocalServiceImpl.java:6593) at com.liferay.portal.service.impl.UserLocalServiceImpl.addUserWithWorkflow(UserLocalServiceImpl.java:960) at com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLocalServiceImpl.java:774)
This is happening because the exception is thrown the following way in the validate methods in the UserLocalServiceImpl class:
if (Validator.isNotNull(emailAddress)) { User user = userPersistence.fetchByC_EA(companyId, emailAddress); if ((user != null) && (user.getUserId() != userId)) { throw new UserEmailAddressException.MustNotBeDuplicate( userId, emailAddress); } }
if (!user.isDefaultUser()) { if (Validator.isNotNull(emailAddress) && !StringUtil.equalsIgnoreCase( user.getEmailAddress(), emailAddress)) { if (userPersistence.fetchByC_EA( user.getCompanyId(), emailAddress) != null) { throw new UserEmailAddressException.MustNotBeDuplicate( userId, emailAddress); } }
I believe they should be modified the following way:
if (Validator.isNotNull(emailAddress)) { User user = userPersistence.fetchByC_EA(companyId, emailAddress); if ((user != null) && (user.getUserId() != userId)) { throw new UserEmailAddressException.MustNotBeDuplicate( user.getUserId(), emailAddress); } }
if (!user.isDefaultUser()) { if (Validator.isNotNull(emailAddress) && !StringUtil.equalsIgnoreCase( user.getEmailAddress(), emailAddress)) { if (userPersistence.fetchByC_EA( user.getCompanyId(), emailAddress) != null) { throw new UserEmailAddressException.MustNotBeDuplicate( user.getUserId(), emailAddress); } }
The above code snippets are from master, so the issue is also reproducible there.
Planned solution:
Log message should be improved. What is useful information in this scenario it the user with the e-mail address in question, the e-mail address and the user who tries to set it, and companyId is needed to identify them properly. The user with the e-mail address can be identified by the e-mail address and the companyId so the the userId for that user would be redundant information.
To do:
Rephrase the log message to include the aformentioned information and update usages of UserEmailAddressException.MustNotBeDuplicate.