Improper Email validation in the datahub UI #15022
Description
Describe the bug
Application allows admin user to create multiple users with the same Email address. No verification of the user is done while creating the user with same email address.
To Reproduce
Steps to reproduce the behavior:
- Login to the application as tst-auxusr1 (Editor) user and access the user profile module. Observe that the editor user account is linked with tst-auxusr1@xxx.com email address as shown below.
- Login to the application as tst-auxusr2 (Editor ) user and access the user profile module. Observe that the editor user account is linked with tst-auxusr2@xxx.com email address. Click the Edit Profile button and try to change the email address as shown below.
- Change the email address of TST-AUXUSR2 user to tst-auxusr1@xxx.com and click on save changes as shown below. Observe that both TST-AUXUSR1 and TST-AUXUSR2 users are mapped to tst-auxusr1@xxx.com mail address without any email validation from server side.
Expected behavior
- Always have an identifier in an account creation such as username, email address or first name. This would remove duplicity in account creation.
- Verify the user's email address when creating the user account and changing the user's email address.
Screenshots
NA
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22] : 1.1.0
Additional context
security vulnerability reported