[
https://issues.apache.org/jira/browse/COUCHDB-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcos Zanona updated COUCHDB-1374:
-----------------------------------
Description:
It seems that when creating an admin user and then deleting that same user with
another admin makes the first user stay active, resulting in a no deletion and
doesn't block the access to the old user access.
It becomes marked as {"error":"not_found","reason":"deleted"} but still having
access to the whole system as an admin.
That is not the case for simple users, only for admin level ones.
was:
It seems that when creating an admin user and then deleting that same user with
another admin makes the first user stay active, resulting in a no deletion and
doesn't block the access to the old user access.
It becomes marked as {"error":"not_found","reason":"deleted"} but still having
access to the whole system as an admin.
> Admin users never get deleted
> -----------------------------
>
> Key: COUCHDB-1374
> URL: https://issues.apache.org/jira/browse/COUCHDB-1374
> Project: CouchDB
> Issue Type: Bug
> Components: Build System
> Affects Versions: 1.1.1
> Reporter: Marcos Zanona
> Labels: admin, login, security, validation
> Fix For: 1.2, 1.3, 1.1.2
>
>
> It seems that when creating an admin user and then deleting that same user
> with another admin makes the first user stay active, resulting in a no
> deletion and doesn't block the access to the old user access.
> It becomes marked as {"error":"not_found","reason":"deleted"} but still
> having access to the whole system as an admin.
> That is not the case for simple users, only for admin level ones.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
