create_ticket_cc generates MultipleObjectsReturned Exception when multiple users have same email address

[brucegibbins]

The create_ticket_cc function attempts to build a User instance based on the cc email address. However, if there happens to be more than one use registered in Django that has the same email address, this function fails and if this is being actioned from a scheduled task monitoring for email tickets there is the potential for it to block any following email tickets from being processed.

Error occurs at line 485 in email.py

        try:
            user = User.objects.get(email=cced_email)  # @UndefinedVariable
        except User.DoesNotExist:
            pass

The quick fix was to find the users with the same email address (one was a test user) and either delete them or adjust the email address to be unique. The Django user entry seems to allow duplicate email addresses.

Alternative fix is to monitor for multiple results and respond accordingly and to somehow park the inbound email so that it is no processed again until a unique email address can be sorted out.

[uhurusurfa]

The right route to go will depend on whether it makes sense to have multiple users records with the same email address.
Since the email address has not been unique till now it is likely to be a breaking change if we now make it unique and so would have to justify it.
Many of the login recovery plugins rely on a unique email address (for the most part across all apps these days you are requested to enter an email address for recovery). The logical approach is to make the email address unique and the path I would support. Modern email servers allow the use of a + sign in the email name part and ignores everything from the + onwards for delivering the email to the right inbox allowing people to use the same email address for multiple user accounts. All of the below would deliver to the same inbox:
joe.soap@company.com
joe.soap+test@company.com
joe.soap+admin@company.com

If we made the email address unique then we could provide an upgrade script that searches for and modifies the 2nd and subsequent duplicate email addresses with a numeric number something like below:
test@company.com
test+2@company.com
test+3@company.com

[brucegibbins]

Would making the email address unique be limited to the HelpDesk App? I guess so, and would that then mean having a customised auth.user?

[uhurusurfa]

Unfortunately it would affect all other apps within the same Django project since they all must use the same User object for authentication to work.
The least disruptive route is to change the query to fetch all active user records (|the current query fails to omit inactive reccords) and if there is more than 1 then pick the first one and log a warning that there are multiple users with the same email address.

That may have undesirable consequences in that the user would have to be logged in against the user record that was first in the list to see it. Otherwise it relies on sending an email to that email address and the user will have to figure which account to login as to see it.

The only other way is to simply log an error message if there is more than 1 user recrod matching the email and not add any tocket for it.

[uhurusurfa]

Perhaps the simplest option is to add a hook into the save signal on the user model and check for duplicated email addresses manually. We could log a warning to the log system that it has consequences and then at least the issue is notified. We could send an email to the user when it is detected.
Because this is developed as a plugin app, there is no easy way to nofity a user via the UI that they may experience problems using multiple accounts wit hthe same email address.