Closed Bug 1719378 Opened 2 years ago Closed 2 years ago

Fix bug in code that allows inactive users to reactivate their own accounts

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

Details

Attachments

(1 file)

GitHub Pull Request 2 years ago David Lawrence [:dkl] 46 bytes, text/x-github-pull-request		Details \| Review

David Lawrence [:dkl]

Assignee

Description

•

2 years ago

When we updated the list of users disabling those who had not logged in for a long time, I added code to allow the user to reactivate the account themselves. This works fine for users whose old password is still valid and meets our current password constraints. If the users password does meet the constraints (i.e. too short) then it sets their password_change_reason from 'Inactive Account' to another reason matching the password failure. The disabled_text is unfortunately not cleared at that time which does not allow them to ever activate the account and requires a BMO admin to do it manually.

I have a patch that will fix this issue properly.

David Lawrence [:dkl]

Assignee

Comment 1

•

2 years ago

Attached file GitHub Pull Request — Details

David Lawrence [:dkl]

Assignee

Comment 2

•

2 years ago

Merged to master.

Status: ASSIGNED → RESOLVED

Closed: 2 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Fix bug in code that allows inactive users to reactivate their own accounts

Categories

(bugzilla.mozilla.org :: General, defect)

Tracking

()

People

(Reporter: dkl, Assigned: dkl)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2