Closed
Bug 558511
Opened 14 years ago
Closed 14 years ago
Deleted user can recover their password and that's a bad thing
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
5.11.8
People
(Reporter: clouserw, Assigned: davedash)
Because of the awkward relationship between `users` and `auth_user`, anonymizing a user will clear out the `users` table, but not `auth_user`. Password recovery comes from `auth_user`, so their email is still in there and is sent back to them. Those two tables need to be cleaned up.
Reporter • Updated 14 years ago
Target Milestone: 4.x (triaged) → 5.11.8
Reporter • Updated 14 years ago
Assignee: nobody → dd
Assignee • Updated 14 years ago
Summary: Deleted user can recover their password → Deleted user can recover their password and that's a bad thing
Assignee • Comment 2 • 14 years ago
http://github.com/jbalogh/zamboni/commits/99e1ad8
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 3 • 14 years ago
STR:
1. From the admin panel, make an existing user anonymous.
2. Go to the Forgot password page.
3. Enter the email of that user.

Observed behavior: "That e-mail address doesn't have an associated user account. Are you sure you've registered?" is displayed.

Verified.
Status: RESOLVED → VERIFIED
Updated • 8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard