Bug #2045
Manual account registration vs automatic openid registration.
Start date:
07 Jun 2012
Due date:
07 Feb 2013
% Done:
100%
Redmine version:
External issue:
Description
Hello,
I would like warn you that your fix doesn’t follow original approvement of account as here
case Setting.self_registration when '1' register_by_email_activation(user) do onthefly_creation_failed(user) end when '3' register_automatically(user) do onthefly_creation_failed(user) end else register_manually_by_administrator(user) do onthefly_creation_failed(user) end end
but you instead changed default behavior that it automatically accepts the account,
case Setting.self_registration when '2' register_manually_by_administrator(user) do onthefly_creation_failed(user) end else register_automatically(user) do onthefly_creation_failed(user) end end
which leads in future upgrades (for example they change self_registration code for manual approvement to something different than 2) to possibility of future exploit (it will automatically gives access to redmine).
By my opinion default behavior should be manual acceptance by administrator.
Associated revisions
Added self-registration configuration, restored the registration behavior (#2045)
History
#1
Updated by Andriy Lesyuk over 11 years ago
Updated by - Target version set to 0.1.0
#2
Updated by Andriy Lesyuk about 11 years ago
- Due date set to 07 Feb 2013
- Status changed from New to Closed
- Assignee set to Andriy Lesyuk
- % Done changed from 0 to 100
Thanks for reporting!