Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
7.0.X, 7.1.X, Master
-
7.1.x, 7.0.x
-
Committed
-
1
-
4
Description
Reproduction steps:
- Configure Liferay to authenticate users based on their screen name
company.security.auth.type=screenName
- Set up Liferay with LDAP
- Create a user in LDAP with e-mail address "[email protected]"
- Log in to Liferay with the created user
Experienced behavior: The login fails as a user already exists with the e-mail address [email protected], however, the userId that is logged is incorrect
com.liferay.portal.kernel.exception.UserEmailAddressException$MustNotBeDuplicate: Email address [email protected] must not be duplicate but is already used by user 78048 at com.liferay.portal.service.impl.UserLocalServiceImpl.validate(UserLocalServiceImpl.java:6593) at com.liferay.portal.service.impl.UserLocalServiceImpl.addUserWithWorkflow(UserLocalServiceImpl.java:960) at com.liferay.portal.service.impl.UserLocalServiceImpl.addUser(UserLocalServiceImpl.java:774)
This is happening because the exception is thrown the following way in the validate methods in the UserLocalServiceImpl class:
if (Validator.isNotNull(emailAddress)) { User user = userPersistence.fetchByC_EA(companyId, emailAddress); if ((user != null) && (user.getUserId() != userId)) { throw new UserEmailAddressException.MustNotBeDuplicate( userId, emailAddress); } }
if (!user.isDefaultUser()) { if (Validator.isNotNull(emailAddress) && !StringUtil.equalsIgnoreCase( user.getEmailAddress(), emailAddress)) { if (userPersistence.fetchByC_EA( user.getCompanyId(), emailAddress) != null) { throw new UserEmailAddressException.MustNotBeDuplicate( userId, emailAddress); } }
I believe they should be modified the following way:
if (Validator.isNotNull(emailAddress)) { User user = userPersistence.fetchByC_EA(companyId, emailAddress); if ((user != null) && (user.getUserId() != userId)) { throw new UserEmailAddressException.MustNotBeDuplicate( user.getUserId(), emailAddress); } }
if (!user.isDefaultUser()) { if (Validator.isNotNull(emailAddress) && !StringUtil.equalsIgnoreCase( user.getEmailAddress(), emailAddress)) { if (userPersistence.fetchByC_EA( user.getCompanyId(), emailAddress) != null) { throw new UserEmailAddressException.MustNotBeDuplicate( user.getUserId(), emailAddress); } }
The above code snippets are from master, so the issue is also reproducible there.
Planned solution:
Log message should be improved. What is useful information in this scenario it the user with the e-mail address in question, the e-mail address and the user who tries to set it, and companyId is needed to identify them properly. The user with the e-mail address can be identified by the e-mail address and the companyId so the the userId for that user would be redundant information.
To do:
Rephrase the log message to include the aformentioned information and update usages of UserEmailAddressException.MustNotBeDuplicate.
Attachments
Issue Links
- causes
-
- Closed
-
- Closed