[Koha-bugs] [Bug 12566] Duplicate checks for Self Registered borrowers

Wed Aug 9 03:05:49 CEST 2017

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12566

--- Comment #4 from Liz Rea <liz at catalyst.net.nz> ---
I agree with Emma, this needs to be at least as robust as the staff client
duplicate borrower checking.

I envision some scenarios as follows:

Let's just say we have a user who has registered a year or two ago, and can't
remember they did. This person registered in the library, using a paper form,
and their data was input into the system by a librarian based on the fields
required in the staff interface.

I'm going to assume for the sake of the exercise, that the library allows users
to reset their own password by email.

This person now comes to the library website, and has forgotten their
username/password. They don't remember that they have even used the library
website before (maybe they haven't).

This user cannot accomplish what they want to without an account, so they
decide to register. Sensible. 

User registers online, using the form specified by the library. Koha will then
check those required fields and look for a user in the existing database that
matches to some great extent, i.e. if we ask for 10 items of information, let's
say if 6 match and one is an email address in any of the address fields, we
have a suspected duplicate user.

At this point, we can do one of several things:

1. suggest to the user that maybe they've already registered, please go to the
library (which one?) because sorry we can't resolve this online. This is ok,
but pretty bad service for a modern web app.

2. If we have a matching email address in any of the email fields
(configurable?), and a strongly suspected duplicate, send an email with
password recovery instructions to the matching email account. The user may not
have access to this account - but that isn't our problem. It is much better
than sending them away! Something like "We noticed you were trying to register,
but we think you might already be registered with the library. Would you like
us to email you information on how to recover your account?" If accepted, the
email would help them reset their password and take them through the "forgotten
password" workflow. If the user declines, send them to the library for
in-person help. Alternately, we could 

If we have a strongly suspected duplicate, but no email address in any
collected email field, we would not offer to send anything - "We can't register
you online, sorry." 

3. add the user but flag it with MANY FLAGS AND BLINK TAGS as PROBABLY
DUPLICATE and note which borrower, and put it in the patron modification queue
for a librarian to merge with the existing user. We will want to prefer the
username and password that the user has just created with the new registration
so they can still log in.

There are other scenarios but I don't really have clearance to think about them
right now. I do welcome discussion.

Cheers,
Liz

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.