Does it make sense to authenticate a user when he/she provides existing valid credentials while registering?
Someone came up with this proposed behavior recently and I haven't been able to find examples of services working the same way. I have to say I don't really like it, but can't put my finger on a precise reason.
It would work like this. We have a user in the DB with:
- Email: "example@example.com"
- Password: "12345678"
The user goes to example.com/sign_up and signs up with:
- Email: "example@example.com"
- Password: "12345678" (we might ask for a password confirmation)
What we're doing now in this case is letting the user know there's a conflict; there's an account with that same email.
But since the user entered valid credentials, would it make any sense to authenticate him/her?
Edit: I don't think my question covers the same situation discussed here. These are not two different users with just the same email, it's one single user registering with the same credentials (both email and password) he/she used at an earlier time. What we usually see in this case is an unsuccessful registration attempt. The proposed behavior here is to check the credentials against the authentication and, if they work, simply log the user in.
As I said earlier, I've never seen this done and I don't like it myself. Some of the answers are giving very valid insight as to why it seems to be a bad idea.
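The two behaviours described in the question, side by side, as an added example that is not part of the original post. The in-memory store, the function names, the `login_on_match` switch and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store: email -> (salt, password hash).
USERS = {}

def _hash(password, salt):
    # Iteration count is an assumption for the example, not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _create(email, password):
    salt = os.urandom(16)
    USERS[email] = (salt, _hash(password, salt))

def _verify(email, password):
    salt, stored = USERS[email]
    return hmac.compare_digest(stored, _hash(password, salt))

def sign_up(email, password, login_on_match=False):
    """Return 'created', 'conflict' or 'authenticated'."""
    email = email.strip().lower()
    if email not in USERS:
        _create(email, password)
        return "created"
    # Existing account, current behaviour: report the conflict and stop.
    # The submitted password is never compared with the stored one.
    if not login_on_match:
        return "conflict"
    # Existing account, proposed behaviour: the sign-up handler now verifies
    # the password, so this path does the same work as the login endpoint.
    if _verify(email, password):
        return "authenticated"
    return "conflict"

def demo():
    USERS.clear()
    return [
        sign_up("example@example.com", "12345678"),                       # first registration
        sign_up("example@example.com", "12345678"),                       # current behaviour
        sign_up("example@example.com", "12345678", login_on_match=True),  # proposed, match
        sign_up("example@example.com", "wrong-guess", login_on_match=True),
    ]

if __name__ == "__main__":
    print(demo())
```

With `login_on_match=True` the response for an existing email depends on whether the submitted password is correct, which is the only difference between the two modes.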