I just came across this on my site - it is indeed possible to create a group with the same name as an existing username. Chaos ensues.
(Actually, not sure about the chaos - we had this situation for months before I noticed it today)
7 Likes
I think the reverse is also true, @tgxworld can you add this to your list, we definitely want to sort it out so usernames and groups can never share the same name.
8 Likes
I’ve added the missing server side validations for now in
https://github.com/discourse/discourse/commit/221503cd10d1421f1a0e02931c034d6cd468e57c
@sam I’m unsure about how we should proceed here with regards to the database constraints though, do you think it is worth extracting User#username and Group#name into a separate table? Those two columns are used frequently so having to join on another table might be expensive. Instead of splitting into another table, I was thinking of treating Group#name as having a lower priority than User#username. We’ll just run a periodic job that ensures that no group names would clash with a user. If someone manages to sneak a group named
test past our server side validations when a user test already exists, the job would just rename the group to test1.
5 Likes
I am assuming this is now sorted, so I am closing it.
3 Likes