Create user with JIRA API rest/api/2/user allows duplicate users

Summary

Per API - Latest: Create USER API You can create as many user accounts as you want using the same e-mail. Only erring is username is already in use.

Environment

• JIRA v7.2.0-OD-05-022
• Tested With POSTMAN and Direct CLI vi curl

Steps to Reproduce

1. POST to API endpoint https://<INSTANCE_NAME>.atlassian.net/rest/api/2/user
2. BODY:

   {
       "name": "<first_username>",
       "password": "<password>",
       "emailAddress": "<email@example.com>",
       "displayName": "<Full Name>",
   	"notification": "true"
   }
   

3. Do a second POST only changing the Username:

   {
       "name": "<second_username>",
       "password": "<password>",
       "emailAddress": "<email@example.com>",
       "displayName": "<Full Name>",
   	"notification": "true"
   }
   

Expected Results

Fail to create Second Account with error:

{
    "errorMessages": [],
    "errors": {
        "emailAddress": "This email belongs to <first_username>."
    }
}

Actual Results

User is created causing duplicate accounts

Notes

Testing Discovered:

• https://jira.atlassian.com/browse/JRA-60454

Workaround

Manually Delete second user per:

• https://confluence.atlassian.com/cloud/add-edit-and-remove-users-744721624.html
  if the user has contributed content or comments on your site, you will not be able to delete them, until the content is also deleted