Details
-
Bug
-
Resolution: Outdated
-
Critical
-
None
-
1.3
-
None
-
None
Description
With the default configuration, registration strategy set to Never. When you create a new account, you receive a mail asking you to click on a link that will enable your account.
Even if you dont click on this mail, you are able to log in with this new account.
When you create a new user, it create everything in the user workspace, and set on the user object (in memory) a flag enabled to false.
When you try to do a log in with this new account, in the login filter, it check if the user is here and then you are logged in... It doesnt care about this flag, but anyway I dont really understand how the user object created before could be retrieve at this time.
Maybe we should review the strategy.
First creating a user under
/username.
Checklists
Acceptance criteria