New user validation is not enforced
-----------------------------------
Key: CONTINUUM-1085
URL: http://jira.codehaus.org/browse/CONTINUUM-1085
Project: Continuum
Issue Type: Bug
Components: Web - Security
Reporter: Wendy Smoak
When registering for a new account, the requirement to click the link in the
validation email is not enforced.
Steps to reproduce:
1. Register for an account
2. Ignore the confirmation email
3. Attempt to log in with the new userid. Leave the password blank.
4. You are prompted to 'Change Password'
5. Leave the 'existing password' blank, and enter a new password (twice).
6. You are logged in and on the Edit Details screen
1a. The newly created account is not "Locked" (even though the registration
confirmation page says it will be.) CONTINUUM-1084
1b. Even if you log in as admin and lock the account, steps 3-5 still work.
4a. If you navigate away from the change password page without completing it,
you appear to be logged in and can see everything from project groups down to
build results. (Possibly related to CONTINUUM-1082 where a guest user with no
roles can also see everything.)
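
An added example, not Continuum's own code: a login gate that enforces the checks this report found missing (blank password, unvalidated or locked account, and a change-password state that must not count as a full login). The `Account` record, its field names, the `Result` values and the PBKDF2 parameters are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginGate {
    // Hypothetical account record; field names are assumptions, not Continuum's data model.
    record Account(byte[] salt, byte[] hash, boolean validated, boolean locked, boolean mustChange) {}

    enum Result { DENIED, CHANGE_PASSWORD_ONLY, AUTHENTICATED }

    static byte[] derive(String password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static Result login(Account a, String password) throws Exception {
        // Blank credentials are rejected before any account state is consulted (steps 3 and 5).
        if (a == null || password == null || password.isEmpty()) return Result.DENIED;
        // The supplied password must verify, compared in constant time.
        if (!MessageDigest.isEqual(derive(password, a.salt()), a.hash())) return Result.DENIED;
        // Locked or unvalidated accounts never reach the change-password flow (1a, 1b).
        if (a.locked() || !a.validated()) return Result.DENIED;
        // A forced password change yields a state limited to that one action (4a).
        return a.mustChange() ? Result.CHANGE_PASSWORD_ONLY : Result.AUTHENTICATED;
    }

    // Authorization for every other page: only a completed login may view project data.
    static boolean mayView(Result r) { return r == Result.AUTHENTICATED; }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; a real salt is random per account.
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
        byte[] hash = derive("sample-passphrase", salt);
        Account unconfirmed = new Account(salt, hash, false, true, false);
        Account adminLocked = new Account(salt, hash, true, true, false);
        Account forced = new Account(salt, hash, true, false, true);
        Account normal = new Account(salt, hash, true, false, false);

        System.out.println("unconfirmed, blank password:   " + login(unconfirmed, ""));
        System.out.println("unconfirmed, correct password: " + login(unconfirmed, "sample-passphrase"));
        System.out.println("admin-locked, correct password: " + login(adminLocked, "sample-passphrase"));
        Result r = login(forced, "sample-passphrase");
        System.out.println("forced change: " + r + ", may view builds: " + mayView(r));
        System.out.println("normal login:  " + login(normal, "sample-passphrase"));
    }
}
```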