Closed Bug 558511 Opened 14 years ago Closed 14 years ago

Deleted user can recover their password and that's a bad thing

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P3)

defect

Tracking

(Not tracked)

VERIFIED FIXED
5.11.8

People

(Reporter: clouserw, Assigned: davedash)

References

Details

Because of the awkward relationship between `users` and `auth_user`, anonymizing a user will clear out the `users` table, but not `auth_user`.  Password recovery comes from `auth_user`, so their email is still in there and is sent back to them.

Those two tables need to be cleaned up.
Depends on: 558514
Target Milestone: 4.x (triaged) → 5.11.8
Assignee: nobody → dd
Summary: Deleted user can recover their password → Deleted user can recover their password and that's a bad thing
Blocks: 588536
http://github.com/jbalogh/zamboni/commits/99e1ad8
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
STR:
1.From the admin panel,make an existing user -anonymous
2.Go for Forgot password page.
3.Enter the email of that user

observed behavior:
"That e-mail address doesn't have an associated user account. Are you sure you've registered?" is displayed.

verified
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.