Control: retitle -1 Merging a @debian.org account in a non @debian.org account 
leads to "403 Forbidden"

Hi,

On Tue, 22 Jul 2014, Axel Beckert wrote:
> I just tried to merge the two accounts "[email protected]" and
> "[email protected]". I'm currently logged in as "[email protected]" and
> entered "[email protected]" as additional address.
> 
> When I open the
> https://tracker.debian.org/accounts/+merge-accounts/finalize/<hash> URL
> in a browser where I'm logged in to the "[email protected]" account,
> I get a "403 Forbidden" error message.

It's probably a result of some of the special handling made by the
distro_tracker.vendor.debian.sso_auth.DebianSsoUserMiddleware middleware.
Basically it forces you to use sso.debian.org as authentication
as soon as you have a @debian.org email attached to your account.

Since you were logged in with a non-debian.org account, as soon
as the merge was complete, you got logged out and you no longer had the
permissions to view the page that you were redirected to.

That's my current guess at least.

Can you try to login as [email protected] (using the sso link in
https://tracker.debian.org/accounts/login/) and see if the account merge
was effectively completed?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/

