Closed Bug 558511 Opened 15 years ago Closed 15 years ago

Deleted user can recover their password and that's a bad thing

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P3)

Tracking

(Not tracked)

VERIFIED FIXED
5.11.8

People

(Reporter: clouserw, Assigned: davedash)

Because of the awkward relationship between `users` and `auth_user`, anonymizing a user will clear out the `users` table, but not `auth_user`. Password recovery comes from `auth_user`, so their email is still in there and is sent back to them. Those two tables need to be cleaned up.
Depends on: 558514
Target Milestone: 4.x (triaged) → 5.11.8
Assignee: nobody → dd
Summary: Deleted user can recover their password → Deleted user can recover their password and that's a bad thing
Blocks: 588536
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
STR:
1. From the admin panel, make an existing user anonymous.
2. Go to the Forgot password page.
3. Enter the email of that user.

Observed behavior: "That e-mail address doesn't have an associated user account. Are you sure you've registered?" is displayed.

Verified.
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
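
The table mismatch described in the report, reproduced as an added example; it is not code from addons.mozilla.org or from this bug. Only the table names `users` and `auth_user` come from the report: the columns, sample rows and function names are assumptions, and the audit query at the end shows how leftover `auth_user` rows could be found after the fact.

```python
import sqlite3

# Assumed minimal schema: only the table names `users` and `auth_user` come
# from the bug report; columns and sample rows are constructed for illustration.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, nickname TEXT, password TEXT);
CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT, username TEXT, password TEXT);
INSERT INTO users VALUES (1, 'alice@example.test', 'alice', 'hash-a');
INSERT INTO auth_user VALUES (1, 'alice@example.test', 'alice', 'hash-a');
INSERT INTO users VALUES (2, 'bob@example.test', 'bob', 'hash-b');
INSERT INTO auth_user VALUES (2, 'bob@example.test', 'bob', 'hash-b');
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def anonymize_buggy(db, user_id):
    """Behaviour reported in the bug: only `users` is cleared."""
    db.execute("UPDATE users SET email = NULL, nickname = '', password = '' "
               "WHERE id = ?", (user_id,))

def anonymize_fixed(db, user_id):
    """Clear both tables in one transaction so they cannot drift apart."""
    with db:  # commits on success, rolls back if either UPDATE fails
        anonymize_buggy(db, user_id)
        # '!' stands in for an unusable-password marker (assumption).
        db.execute("UPDATE auth_user SET email = '', username = ?, password = '!' "
                   "WHERE id = ?", (f"anonymous-{user_id}", user_id))

def reset_recipient(db, email):
    """Password recovery as described in the report: lookup is on `auth_user`."""
    row = db.execute("SELECT email FROM auth_user WHERE email = ? AND email != ''",
                     (email,)).fetchone()
    return row[0] if row else None

def stale_auth_rows(db):
    """Audit: auth_user rows still holding an email for an anonymized user."""
    return [r[0] for r in db.execute(
        "SELECT a.id FROM auth_user a JOIN users u ON u.id = a.id "
        "WHERE u.email IS NULL AND a.email != '' ORDER BY a.id")]
```
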