Users are receiving multiple confirmation emails from Hipchat Server
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
This is for an outdated version of Hipchat Server
This article applies to a version of Hipchat Server which will be deprecated soon. After that period the version will no longer be supported.
You should upgrade to a more recent version of Hipchat Server as soon as you can to take advantage of new features, and security and bug fixes.
Problem
- Some Hipchat Server users inexplicably receive multiple emails asking them to confirm their email address.
The Hipchat Server administrator may see the following in the Audit Log page for the users in question:
Event Description Acting user IP address Date Confirmed account Account confirmed for Joe S Joe S 192.168.0.68 Today at 4:48pm Confirmed account Account confirmed for Mark L Mark L 192.168.0.68 Today at 11:58am Confirmed account Account confirmed for Mark L Mark L 192.168.0.66 Jun 29, 2016 12:29pm Confirmed account Account confirmed for Joe S Joe S 192.168.0.66 Jun 29, 2016 12:22pm Confirmed account Account confirmed for Joe S Joe S 192.168.0.67 Jun 22, 2016 12:39pm
The following appears in the /var/log/hipchat/coral.log for the users. Note in this example that there are multiple instances of the email address being changed from lower-case to upper-case followed by a confirmation email being sent to the users:
2016-07-13T09:58:34.858577+00:00 ip-172-16-0-199 coral-1: [/user/49#REQXjcYxk] uid-49 changed email from joe.smith@example.com to Joe.Smith@example.com. Change performed by uid-None 2016-07-13T09:58:34.859370+00:00 ip-172-16-0-199 coral-0: [/user/44#REQF4117m] gid-1 updated in DB 2016-07-13T09:58:34.860812+00:00 ip-172-16-0-199 coral-0: [/user/44#REQF4117m] uid-44 changed email from mark.lucas@example.com to Mark.Lucas@example.com, Change performed by uid-None 2016-07-13T09:58:34.861825+00:00 ip-172-16-0-199 coral-1: [/user/49#REQXjcYxk] uid-49 updated in DB 2016-07-13T09:58:34.863239+00:00 ip-172-16-0-199 coral-1: [/user/49#REQXjcYxk] Gearman - adding curler job: method=handle_confirm_email_address_notification 2016-07-13T09:58:34.867031+00:00 ip-172-16-0-199 coral-1: [/user/49#REQXjcYxk] uid-49 changed email address. Resent confirmation email. job=H:ip-172-16-0-199:163 ... 2016-07-13T09:58:34.870809+00:00 ip-172-16-0-199 coral-0: [/user/44#REQF4117m] Gearman - adding curler job: method=handle_confirm_email_address_notification 2016-07-13T09:58:34.876707+00:00 ip-172-16-0-199 coral-0: [/user/44#REQF4117m] Gearman - job added: 'H:ip-172-16-0-199:164' 2016-07-13T09:58:34.876791+00:00 ip-172-16-0-199 coral-0: [/user/44#REQF4117m] uid-44 changed email address. Resent confirmation email. job=H:ip-172-16-0-199:164
Diagnosis
Environment
- Hipchat Server connected to an external directory for user management
- The external directory can be Jira, Crowd, LDAP, or Active Directory.
Diagnostic Steps
- The users receiving the emails are being synchronized from the external directory, therefore they cannot change their email addresses in the Hipchat Server User Interface.
- The email address changes and confirmation emails are happening automatically with no manual interference from the users.
- /var/log/hipchat/coral.log shows the activity listed above.
Cause
The users in question each had two accounts in the external directory, with email addresses that only differed in case sensitivity.
A third party application linked to the LDAP server sporadically updates the users' emails to start with upper or lower case.
Resolution
- Avoid users with duplicate email addresses. (An email address is considered a unique property in Hipchat Server).
- Avoid having two users with email addresses that only differ by case sensitivity (for example, user@example.com and User@example.com). When in doubt, use all lowercase.
- Either change the emails on the external accounts so that they have the same case, or possibly remove one of the duplicate accounts on the external directory.
- If there are email case changes being done sporadically, lower your LDAP directory logging level to have more details and find out the trigger of these changes.
- More information can be located in our User Management Limitations and Recommendations documentation for Hipchat Server.
- We understand that for email case changes, the user should not be required to confirm the account again since emails should not be case sensitive. Thus, we have - HCPUB-1639Getting issue details... STATUS open to address this bug. Feel free to upvote it.