Fix: Make candidate account creation case insensitive and check for d…

[saikumarvasa100-hash]

…uplicate emails

This addresses issue compserv#500 by:

1. Making username comparison case-insensitive during candidate account provisioning
2. Adding duplicate email validation to prevent accounts with existing emails

Fixes compserv#500

Summary by CodeRabbit

• Bug Fixes
  • Improved duplicate detection during user provisioning to prevent duplicate accounts from being created when usernames match (case-insensitive) or when Berkeley email addresses already exist in the system.
  • Enhanced validation checks to more reliably identify and skip invalid or duplicate entries.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The provisioning process in hknweb/forms.py now performs upfront email duplicate detection by querying existing User emails from the database and skips provisioning rows where the username (case-insensitive) or email already exist.

Changes

Cohort / File(s)	Summary
Provisioning duplicate detection hknweb/forms.py	Added existing_emails set computed from database User objects; expanded provisioning skip condition to exclude rows with None username, case-insensitive duplicate usernames, or pre-existing emails.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify the database query for existing_emails is efficient and retrieves all necessary email records
• Confirm case-insensitive username comparison (lower()) is applied consistently
• Check that the skip condition logic correctly prioritizes all three checks (None, duplicate username, duplicate email)

Poem

🐰 A careful check we've now begun,
Each email and username, every one!
No doubles slip through, case matters not,
The database is queried on the spot! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: making candidate account creation case-insensitive and checking for duplicate emails, which aligns with the code modifications in hknweb/forms.py.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch saikumarvasa100-hash-patch-1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e39741d and 1ebdcc5.

📒 Files selected for processing (1)

• hknweb/forms.py (2 hunks)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Make email comparison case-insensitive.

Email addresses should be treated as case-insensitive to prevent duplicate accounts with emails that differ only in case (e.g., "[email protected]" vs "[email protected]").

Apply this diff to handle emails case-insensitively:

+        from django.db.models.functions import Lower
+
         # Get existing emails
         emails = []
         for row in rows:
             email = row["Berkeley email"]
             if email:
                 emails.append(email)
 
-        existing_emails = set(
-            User.objects.filter(email__in=emails).values_list(
-                "email", flat=True
+        existing_emails = set(
+            User.objects.annotate(email_lower=Lower('email'))
+            .filter(email_lower__in=[e.lower() for e in emails])
+            .values_list('email_lower', flat=True)
-            )
         )

Then update the skip condition on line 257 to compare lowercased emails:

-            if (row["username"] is None) or (row["username"].lower() in existing_usernames) or (row["Berkeley email"] in existing_emails):
+            if (row["username"] is None) or (row["username"].lower() in existing_usernames) or (row["Berkeley email"].lower() in existing_emails):

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In hknweb/forms.py around lines 228-240, the code collects emails without
normalizing case so lookups can miss duplicates; change it to normalize emails
to lowercase before querying and use a case-insensitive query against the DB
(e.g., annotate the User queryset with Lower('email') and filter on that
lowercase field using the list of lowercased emails), then build existing_emails
as a set of lowercased addresses; finally update the skip condition at line 257
to compare row_email.lower() against existing_emails.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix indentation error and broken case-insensitive username check.

This code segment has two critical issues:

1. Indentation Error: Line 257 has excessive leading whitespace that will cause a Python IndentationError.

2. Broken Case-Insensitive Check: The username case-insensitive comparison is incorrect. existing_usernames (lines 223-227) contains usernames with their original casing from the database (e.g., "Alice"), but line 257 compares the lowercased username (e.g., "alice"). This means "alice" in {"Alice"} returns False, allowing duplicate accounts to be created.

Apply this diff to fix both issues. First, update the existing_usernames query (around lines 223-227) to store lowercased usernames:

+        from django.db.models.functions import Lower
+
-        existing_usernames = set(
-            User.objects.filter(username__in=usernames).values_list(
-                "username", flat=True
+        existing_usernames = set(
+            User.objects.annotate(username_lower=Lower('username'))
+            .filter(username_lower__in=[u.lower() for u in usernames])
+            .values_list('username_lower', flat=True)
-            )
         )

Then fix the indentation and condition on lines 257-258:

-                        if (row["username"] is None) or (row["username"].lower() in existing_usernames) or (row["Berkeley email"] in existing_emails):
-                continue
+            if (row["username"] is None) or (row["username"].lower() in existing_usernames) or (row["Berkeley email"] in existing_emails):
+                continue

🧰 Tools

🪛 Ruff (0.14.5)

258-258: unindent does not match any outer indentation level

(invalid-syntax)

🤖 Prompt for AI Agents

In hknweb/forms.py around lines 223-227 and 257-258, the code builds
existing_usernames with original casing and has a misindented condition that
compares a lowercased input username against those original-cased names (plus
extra leading whitespace causing an IndentationError). Update the query that
builds existing_usernames to store usernames lowercased (e.g., .lower() when
collecting from the DB) and then remove the extra leading whitespace on line 257
and change the condition to compare the input username lowercased against the
lowercased existing_usernames set (i.e., if row["username"] is None or
row["username"].lower() in existing_usernames or row["Berkeley email"] in
existing_emails: continue).