Opened 8 years ago

Closed 7 months ago

#1804 closed task (fixed)

password reset resets wrong password if a user has >1 account on an email address

Reported by: rduivenvoorde Owned by: sac@…
Priority: normal Milestone:
Component: SysAdmin Keywords:

Description (last modified by strk)

Somebody (well I'm not aware it was myself) created a (now removed) user 'test' in ldap, and used my email address with it, which already is used in my personal user account...

BUT trying to reset the 'test' user, my own account's password was actually rest as shown in the email: The temporary password for the OSGeo Userid "rduivenvoorde" is "".

So we cannot even rest the test-user password.

I think it should not be possible to add a user with an already available/used email address?

OR the reset form should work on account name and not with email address?

Attachments (1)

osgeoldap.png (105.3 KB ) - added by rduivenvoorde 8 years ago.
Error when trying to reset password plus link in red bar plus result

Download all attachments as: .zip

Change History (3)

comment:1 by rduivenvoorde, 8 years ago

from irc: <strk> but I suspect it is possible to register as "test" and then change email to (say) yours w/out the "change email" script checking for other users having that same email (this would be something to fix)...

So both *creating* new users/emails, and *changing* users/emails should be checked...

by rduivenvoorde, 8 years ago

Attachment: osgeoldap.png added

Error when trying to reset password plus link in red bar plus result

comment:2 by strk, 7 months ago

Description: modified (diff)
Resolution: fixed
Status: newclosed

today it is not possible to register a user with the same email as another existing user

Note: See TracTickets for help on using tickets.