Possible conflicting project slugs

[shaunanoordin]

Bug Report

It's possible to create conflicting project slugs by exploiting how _ in user & project names are standardised into - in the slug.

• Case 1: similar user names. Both zoo-tester-1 (who's, say, a Decepticon scientist) and zoo_tester_1 (an Autobot scholar) can create two projects similarly titled transformers. Both projects will resolve to the same URL: zooniverse.org/projects/zoo-tester-1/transformers
• Case 2: similar project names. zoo-tester-1 can create two projects called "Beast-Wars" and "Beast_Wars". Both projects will resolve to the same URL: zooniverse.org/projects/zoo-tester-1/beast-wars
• Also, as noted by @astopy , duplicates in project slugs can also be created by using variants of the 'dash' character in the name:

Also duplicates with - vs – vs —:

$ panoptes project ls duplicate
*6074 astopy/duplicate-test duplicate-test
*6075 astopy/duplicate-test duplicate–test
*6076 astopy/duplicate-test duplicate—test

Testing Notes

Testing was done on staging with the following variables:

• Username collision:
  • User zoo-tester-1 (ID 1325915), project transformers (ID 1824) - project about Decepticons
  • User zoo_tester_1 (ID 1325916), project transformers (ID 1825) - project about Autobots
• Project Name collision:
  • User zoo-tester-1, project Beast-Wars (ID 1826) and Beast_Wars (ID 1827) and Beast Wars (ID 1828)

The project users see when they go to a URL with conflicting project slugs will be the oldest project that has set visibility=public

Status

This is definitely some unintended behaviour, but it's difficult to say that this quirk is affecting any of our users in practice. It'd still be good to patch, to cover our edges.