  1. Magnolia Public User Registration
  2. MGNLPUR-60

After a registration, I'm able to log in even if my account is not yet enabled


Details

    • Bug
    • Resolution: Outdated
    • Critical
    • None
    • 1.3
    • None
    • None

    Description

      With the default configuration, the registration strategy is set to Never. When you create a new account, you receive a mail asking you to click on a link that will enable your account.
      Even if you don't click on this mail, you are able to log in with this new account.

      When you create a new user, it creates everything in the user workspace, and sets on the user object (in memory) a flag enabled to false.
      When you try to log in with this new account, the login filter checks if the user is here and then you are logged in... It doesn't care about this flag, but anyway I don't really understand how the user object created before could be retrieved at this time.

      Maybe we should review the strategy.
      First creating a user under {realm}/tovalidate/username, and then when the user clicks on the validation link, we move the user node to {realm}/username.


            People

              Unassigned Unassigned
              sschmitt Samuel Schmitt
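
The strategy proposed in the description, sketched as an added example that is not part of the original report and not Magnolia's code: `PendingUserDemo`, its in-memory maps and all method names are hypothetical stand-ins for the users workspace. It goes one step beyond the report by validating usernames at login as well, since a name such as `tovalidate/alice` would otherwise resolve to the pending node.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Hypothetical in-memory stand-in for the users workspace; not Magnolia's API.
public class PendingUserDemo {
    private final Map<String, String> nodes = new HashMap<>();  // node path -> secret
    private final Map<String, String> tokens = new HashMap<>(); // validation token -> username
    private final String realm;
    PendingUserDemo(String realm) { this.realm = realm; }

    private String pendingPath(String user) { return realm + "/tovalidate/" + user; }
    private String activePath(String user) { return realm + "/" + user; }
    // No path separators, and "tovalidate" is reserved, so a name can never address the pending folder.
    private static boolean validName(String u) { return u.matches("[A-Za-z0-9_-]+") && !u.equals("tovalidate"); }

    // Registration only ever writes under {realm}/tovalidate/username.
    String register(String user, String secret) {
        if (!validName(user)) throw new IllegalArgumentException("invalid username");
        if (nodes.containsKey(activePath(user)) || nodes.containsKey(pendingPath(user)))
            throw new IllegalStateException("username taken");
        nodes.put(pendingPath(user), secret); // demo only: keep a salted hash in practice
        String token = UUID.randomUUID().toString();
        tokens.put(token, user);
        return token; // would be embedded in the validation mail
    }

    // The validation link moves the node to {realm}/username; each token works once.
    boolean validate(String token) {
        String user = tokens.remove(token);
        if (user == null) return false;
        nodes.put(activePath(user), nodes.remove(pendingPath(user)));
        return true;
    }

    // Login resolves {realm}/username only, so a pending node can never match.
    boolean login(String user, String secret) {
        String stored = validName(user) ? nodes.get(activePath(user)) : null;
        return stored != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), secret.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        PendingUserDemo store = new PendingUserDemo("public"); // constructed sample data
        String token = store.register("alice", "s3cret");
        System.out.println("login before validation: " + store.login("alice", "s3cret"));
        System.out.println("validation link used: " + store.validate(token));
        System.out.println("login after validation: " + store.login("alice", "s3cret"));
    }
}
```

Because the account's state is its location rather than an in-memory flag, a login path that never reads the flag still cannot authenticate an unvalidated user.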