[MGNLPUR-60] After a registration, I'm able to log in even if my account is not yet enabled
Created: 22/Dec/11  Updated: 04/Oct/13  Resolved: 04/Oct/13

Status: Closed
Project: Magnolia Public User Registration
Component/s: None
Affects Version/s: 1.3
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Samuel Schmitt Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

With the default configuration, the registration strategy is set to Never. When you create a new account, you receive a mail asking you to click on a link that will enable your account.
Even if you don't click on this mail, you are able to log in with this new account.

When you create a new user, it creates everything in the user workspace, and sets on the user object (in memory) a flag enabled to false.
When you try to log in with this new account, the login filter checks if the user is there and then you are logged in... It doesn't care about this flag, but anyway I don't really understand how the user object created before could be retrieved at this time.

Maybe we should review the strategy.
First creating a user under {realm}/tovalidate/username, and then when the user clicks on the validation link, we move the user node to {realm}/username.
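
The strategy proposed above, sketched as an added example; it is not Magnolia code and not part of the original issue. Every class and method name is hypothetical, an in-memory map stands in for the users workspace, and `passwordOk` stands for the result of the existing credential check. The login check both restricts the lookup to `{realm}/username` and tests the enabled flag, so a pending node is rejected either way.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration; all names are hypothetical, not Magnolia APIs.
public class PendingRegistrationDemo {
    record Account(String realm, String username, boolean enabled) {}

    // Stand-in for the users workspace: node path -> account.
    private final Map<String, Account> nodes = new HashMap<>();
    // Validation token -> path of the pending node.
    private final Map<String, String> tokens = new HashMap<>();

    // Registration creates the node under {realm}/tovalidate, disabled.
    String register(String realm, String username) {
        String path = realm + "/tovalidate/" + username;
        nodes.put(path, new Account(realm, username, false));
        String token = UUID.randomUUID().toString();
        tokens.put(token, path);
        return token; // would be embedded in the validation mail
    }

    // Following the link moves the node to {realm}/username and enables it.
    boolean validate(String token) {
        String path = tokens.remove(token); // tokens are single use
        Account pending = (path == null) ? null : nodes.remove(path);
        if (pending == null) return false;
        nodes.put(pending.realm() + "/" + pending.username(),
                  new Account(pending.realm(), pending.username(), true));
        return true;
    }

    // Login check: looks up {realm}/username only, and still tests the flag,
    // so a name such as "tovalidate/alice" resolves to a disabled account.
    boolean mayLogIn(String realm, String username, boolean passwordOk) {
        Account a = nodes.get(realm + "/" + username);
        return passwordOk && a != null && a.enabled();
    }

    public static void main(String[] args) {
        PendingRegistrationDemo d = new PendingRegistrationDemo();
        String token = d.register("public", "alice"); // constructed sample user
        System.out.println("before validation: " + d.mayLogIn("public", "alice", true));
        System.out.println("pending path as name: " + d.mayLogIn("public", "tovalidate/alice", true));
        System.out.println("bogus token: " + d.validate("not-a-token"));
        System.out.println("real token: " + d.validate(token));
        System.out.println("after validation: " + d.mayLogIn("public", "alice", true));
        System.out.println("token reuse: " + d.validate(token));
    }
}
```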



 Comments   
Comment by Magnolia International [ 24/Jan/13 ]

If the login filter doesn't check for the enabled flag of an account, it's a bug that was introduced in core.

Generated at Mon Feb 12 06:42:41 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.