Groups allow duplicate members
Summary
A customer reported seeing duplicate group members in their group list. Upon further investigation with support we identified that duplicate entries really do exist in the database.
There is a uniqueness constraint on user_id
:
validates :user_id, uniqueness: { scope: [:source_type, :source_id],
message: "already exists in source",
allow_nil: true }
But there's no matching unique index on the database. So conceivably there's a way this could sneak by, but I'm not sure what it is yet.
I checked the API and the add a member endpoint checks if the user is a member first, then adds them. Most other places in code I've seen use group.add_user
which I've verified is also subject to the validation. So I'm a bit stumped here. But the fact remains, the database allows it, and we have this happening in the wild.
Another interesting thing about the specific customer case on GitLab.com is that the created_at
and updated_at
values are identical for the duplicates, too. So these duplicates happened at the same time.
Steps to reproduce
We don't have reproduction steps yet.
Example Project
See customer report in Zendesk at https://gitlab.zendesk.com/agent/tickets/153090 (internal). We can't post the customer info here.