[magnolia-dev] [JIRA] Updated: (MGNLPUR-60) After a registration, I'm able to log in even if my account is not yet enabled

Mon, 05 Mar 2012 11:43:20 -0800 

     [ 
http://jira.magnolia-cms.com/browse/MGNLPUR-60?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ondřej Chytil updated MGNLPUR-60:
---------------------------------

    Fix Version/s: 1.4.x
                       (was: 1.4)

> After a registration, I'm able to log in even if my account is not yet enabled
> ------------------------------------------------------------------------------
>
>                 Key: MGNLPUR-60
>                 URL: http://jira.magnolia-cms.com/browse/MGNLPUR-60
>             Project: Magnolia Public User Registration
>          Issue Type: Bug
>    Affects Versions: 1.3
>            Reporter: Samuel Schmitt
>            Priority: Critical
>             Fix For: 1.4.x
>
>
> With the default configuration, registration strategy set to Never. When you 
> create a new account, you receive a mail asking you to click on a link that 
> will enable your account.
> Even if you dont click on this mail, you are able to log in with this new 
> account.
> When you create a new user, it create everything in the user workspace, and 
> set on the user object (in memory) a flag enabled to false.
> When you try to do a log in with this new account, in the login filter, it 
> check if the user is here and then you are logged in... It doesnt care about 
> this flag, but anyway I dont really understand how the user object created 
> before could be retrieve at this time.
> Maybe we should review the strategy.
> First creating a user under {realm}/tovalidate/username, and then when the 
> user click on the validation link, we move the user node to {realm}/username.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       


----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

Reply via email to