Check logins for 'locked' and activated attributes #11

Closed
nickdos opened this issue Sep 13, 2017 · 0 comments
nickdos commented Sep 13, 2017

This is currently the case for prod (old CAS) but should be checked with CAS5.

If I change my account to have locked=true I am still able to log in via both CAS and Google login. If I then change the activated to be false (while keeping locked=true), then I can't log in via CAS (invalid credentials) but I can still log in via Google.

Expected behaviour is to not allow people to log in if either activated=false or locked=true. E.g.

activated=true | locked=true -> block login
activated=true | locked=false -> allow login
activated=false | locked=true -> block login
activated=false | locked=false -> block login

Also, it would be better for the user to get a more specific error message if the account is locked and/or not activated. If the user enters the correct password, then let them know the account is locked or not activated and provide an email address to send support an email (populating subject line and body with important details such as userId and error message).
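The behaviour requested above, sketched as an added example (not code from this project or from CAS): one account-state gate that every login path calls after authentication, so a Google login cannot bypass it, and that reveals the locked or not-activated state only once identity has been proven. The `Account` class, function names, `support@example.org` address and the choice to report "locked" first when both flags block are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from urllib.parse import quote

SUPPORT_EMAIL = "support@example.org"  # placeholder address (assumption)


class Decision(Enum):
    ALLOW = "allow"
    BAD_CREDENTIALS = "invalid credentials"
    LOCKED = "account locked"
    NOT_ACTIVATED = "account not activated"


@dataclass
class Account:  # hypothetical user record; field names follow the issue text
    user_id: str
    activated: bool
    locked: bool


def login_decision(account, authenticated):
    """Gate shared by every login path (password or delegated, e.g. Google).

    `authenticated` is True only after the password check or the external
    identity provider has succeeded for this account.
    """
    # Unknown user or failed proof of identity: generic answer, so account
    # state is never revealed to someone who does not hold the credentials.
    if account is None or not authenticated:
        return Decision.BAD_CREDENTIALS
    if account.locked:  # assumption: "locked" is reported first if both apply
        return Decision.LOCKED
    if not account.activated:
        return Decision.NOT_ACTIVATED
    return Decision.ALLOW


def support_mailto(account, decision):
    """Build the pre-filled support link for a blocked but authenticated user."""
    if decision not in (Decision.LOCKED, Decision.NOT_ACTIVATED):
        return None
    subject = quote(f"Login blocked: {decision.value}")
    body = quote(f"userId: {account.user_id}\nerror: {decision.value}")
    return f"mailto:{SUPPORT_EMAIL}?subject={subject}&body={body}"
```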
