Opened 8 years ago
Closed 17 months ago
#1804 closed task (fixed)
password reset resets wrong password if a user has >1 account on an email address
| Reported by: | rduivenvoorde | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description (last modified by ) ¶
Somebody (well I'm not aware it was myself) created a (now removed) user 'test' in ldap, and used my email address with it, which already is used in my personal user account...
BUT trying to reset the 'test' user, my own account's password was actually rest as shown in the email: The temporary password for the OSGeo Userid "rduivenvoorde" is "".
So we cannot even rest the test-user password.
I think it should not be possible to add a user with an already available/used email address?
OR the reset form should work on account name and not with email address?
Change History (3)
comment:1 by , 8 years ago
by , 8 years ago
| Attachment: | osgeoldap.png added |
|---|
Error when trying to reset password plus link in red bar plus result
comment:2 by , 17 months ago
| Description: | modified (diff) |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
today it is not possible to register a user with the same email as another existing user
from irc: <strk> but I suspect it is possible to register as "test" and then change email to (say) yours w/out the "change email" script checking for other users having that same email (this would be something to fix)...
So both *creating* new users/emails, and *changing* users/emails should be checked...