Posted to issues@maven.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2006/12/26 18:21:09 UTC

[jira] Created: (CONTINUUM-1085) New user validation is not enforced

New user validation is not enforced
-----------------------------------

                 Key: CONTINUUM-1085
                 URL: http://jira.codehaus.org/browse/CONTINUUM-1085
             Project: Continuum
          Issue Type: Bug
          Components: Web - Security
            Reporter: Wendy Smoak


When registering for a new account, the requirement to click the link in the validation email is not enforced.

Steps to reproduce:

1. Register for an account
2. Ignore the confirmation email
3. Attempt to log in with the new userid.  Leave the password blank
4. You are prompted to 'Change Password'
5. Leave the 'existing password' blank, and enter a new password (twice).
6. You are logged in and on the Edit Details screen

1a. The newly created account is not "Locked" (even though the registration confirmation page says it will be.)  CONTINUUM-1084

1b. Even if you log in as admin and lock the account, steps 3-5 still work.

4a. If you navigate away from the change password page without completing it, you appear to be logged in and can see everything from project groups down to build results.  (Possibly related to CONTINUUM-1082 where a guest user with no roles can also see everything.)


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
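
The checks the report above finds missing, written out as an added example (not Continuum's code): a login decision that rejects blank passwords, honours the locked and not-yet-validated states, and gives a session only on full authentication. The `Account` fields, the `Outcome` names and the plain-string secret comparison are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class LoginGate {
    enum Outcome { AUTHENTICATED, MUST_CHANGE_PASSWORD, NOT_VALIDATED, LOCKED, BAD_CREDENTIALS }

    // Hypothetical account model; these field names are assumptions, not Continuum's.
    record Account(String userId, String secret, boolean validated,
                   boolean locked, boolean mustChangePassword) {}

    // Stand-in for verifying against a stored password hash (constant-time compare).
    static boolean passwordMatches(Account a, String submitted) {
        return MessageDigest.isEqual(a.secret().getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Used for the login form and for the 'existing password' field of Change Password.
    static Outcome login(Account account, String submitted) {
        // Steps 3 and 5 of the report: a blank password must never authenticate.
        if (account == null || submitted == null || submitted.isBlank())
            return Outcome.BAD_CREDENTIALS;
        if (!passwordMatches(account, submitted)) return Outcome.BAD_CREDENTIALS;
        // Account state is checked after the password, so it is not disclosed to guessers.
        if (account.locked()) return Outcome.LOCKED;              // 1b: admin lock must hold
        if (!account.validated()) return Outcome.NOT_VALIDATED;   // email link not clicked yet
        if (account.mustChangePassword()) return Outcome.MUST_CHANGE_PASSWORD;
        return Outcome.AUTHENTICATED;
    }

    // 4a: being sent to the change-password page is not a login; no session yet.
    static boolean grantsSession(Outcome o) { return o == Outcome.AUTHENTICATED; }

    public static void main(String[] args) {
        // Constructed sample accounts.
        Account fresh  = new Account("newuser",    "s3cret-Example", false, false, false);
        Account locked = new Account("lockeduser", "s3cret-Example", true,  true,  false);
        Account reset  = new Account("resetuser",  "s3cret-Example", true,  false, true);
        Account ok     = new Account("okuser",     "s3cret-Example", true,  false, false);
        System.out.println(login(fresh, ""));                 // BAD_CREDENTIALS
        System.out.println(login(fresh, "s3cret-Example"));   // NOT_VALIDATED
        System.out.println(login(locked, "s3cret-Example"));  // LOCKED
        System.out.println(grantsSession(login(reset, "s3cret-Example")));  // false
        System.out.println(grantsSession(login(ok, "s3cret-Example")));     // true
    }
}
```

Save as `LoginGate.java` and run with `java LoginGate.java` on JDK 16 or later.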

        

[jira] Commented: (CONTINUUM-1085) New user validation is not enforced

Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
    [ http://jira.codehaus.org/browse/CONTINUUM-1085?page=comments#action_83386 ] 
            
Wendy Smoak commented on CONTINUUM-1085:
----------------------------------------

If the password field were required (see CONTINUUM-1089) then #3 and #5 above wouldn't be possible.

Ideally if you try to log in with a not-yet-validated newly registered account, you'd be presented with a message explaining that you need to look for the validation email and click the link (or contact the administrator).




> New user validation is not enforced
> -----------------------------------
>
>                 Key: CONTINUUM-1085
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1085
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web - Security
>            Reporter: Wendy Smoak
>
> When registering for a new account, the requirement to click the link in the validation email is not enforced.
> Steps to reproduce:
> 1. Register for an account
> 2. Ignore the confirmation email
> 3. Attempt to log in with the new userid.  Leave the password blank
> 4. You are prompted to 'Change Password'
> 5. Leave the 'existing password' blank, and enter a new password (twice).
> 6. You are logged in and on the Edit Details screen
> 1a. The newly created account is not "Locked" (even though the registration confirmation page says it will be.)  CONTINUUM-1084
> 1b. Even if you log in as admin and lock the account, steps 3-5 still work.
> 4a. If you navigate away from the change password page without completing it, you appear to be logged in and can see everything from project groups down to build results.  (Possibly related to CONTINUUM-1082 where a guest user with no roles can also see everything.)