cms icon indicating copy to clipboard operation
cms copied to clipboard

Published 20 hours ago verified publisher icon craftcms

Double-click on register form creates multiple users with the same email address

Open jamiepittock opened this issue 2 years ago • 9 comments

Description

We noticed some duplicate user accounts appearing that were being created at the same time and managed to have the same email address.

If I use our public registration form to create a new account using an email address that already exists, the form validation returns false and I'm told a user already exists with that email.

However, if I try to create a new account using an email address that doesn't exist, and I double click the form's submit button, two accounts are created.

Screenshot 2022-03-02 at 10 03 06

The only other Github issue I've found that might be related is #9835

Steps to reproduce

  1. Follow the steps in this knowledge base guide to allow public registrations and create a frontend registration form
  2. Double-click the form's submit button to submit the form twice successively

Additional info

  • Craft version: 3.7.35
  • PHP version: 7.4.26
  • Database driver & version: mysql 5.7

jamiepittock avatar Mar 02 '22 10:03 jamiepittock

@jamiepittock I think I have this sorted here: can you give it a try by requiring this in your composer.json and running update?

"craftcms/cms": "dev-develop as 3.7.36"

timkelty avatar Mar 03 '22 20:03 timkelty

Thanks @timkelty, that's fixed it locally 👍

jamiepittock avatar Mar 04 '22 08:03 jamiepittock

@brandonkelly will this fix be in a release today?

jamiepittock avatar Mar 07 '22 08:03 jamiepittock

@jamiepittock Not sure when the next release will be, sorry. This is currently the only meaningful change on develop, so should be completely safe to just deploy with composer.lock set to dev-develop.

brandonkelly avatar Mar 07 '22 20:03 brandonkelly

@timkelty @brandonkelly I'm sorry, I've just pushed dev-develop to both our staging and production sites and this issue is still there.

Locally I've managed to produce the issue once. I'm not sure why I've got this inconsistency locally...possibly my development environment is slower so it's not catching it??

Screenshots below of users. The second screenshot was a user created via the CP. For some reason I can reproduce it every time using our public registration form, but not every time creating new users via the control panel.

Screenshot 2022-03-09 at 09 24 20

Screenshot 2022-03-09 at 09 26 19

jamiepittock avatar Mar 09 '22 09:03 jamiepittock

FWIW I've got a remote development environment set up with a fresh install of Craft using dev-develop where I can reproduce this issue. I can send you access via a pro support ticket if it helps.

jamiepittock avatar Mar 09 '22 11:03 jamiepittock

@jamiepittock in my testing, I also noticed that it was only reproducible with a new session. After it happened once, it wouldn't again until I closed/reopened browser window.

So, it seems we're dealing with a race condition where the slightest of conditions throws it off.

While we work to resolve, it's worth noting that this can also be addressed with a tiny bit of javascript. Adding a lick handler on your submit button that disables the button would prevent a double click.

That said – it should also be accounted for on the backend, but the best solution is probably to have both in place so your double-click users don't get "email already taken" errors.

timkelty avatar Mar 09 '22 13:03 timkelty

I can send you access via a pro support ticket if it helps.

@jamiepittock That would be lovely!

timkelty avatar Mar 09 '22 13:03 timkelty

Craft 3.7.37 is out with the original fix.

brandonkelly avatar Mar 16 '22 21:03 brandonkelly