View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001223 | Main CAcert Website | account administration | public | 2013-11-28 10:13 | 2014-11-11 21:31 |
Reporter | Werner Dworak | Assigned To | NEOatNHNG | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | needs review & testing | Resolution | open | ||
Product Version | 2013 Q4 | ||||
Target Version | 2014 Q2 | ||||
Summary | 0001223: Handling of deleted accounts, email addresses and domains | ||||
Description | In the support case [s20131125.67] a member asked for a deleted account. He could not access it, and searching in the SE console I could not find it either. However if he used the 'Lost password' link on the login website, entered the email address and correct birthdate, he got to step 2 of password recovery. That means, here his account showed up. This looked strange to me, since normally as SE I can search even for deleted email addresses and I find all accounts this email address belongs to or previously belonged. But in this case I didn't find it. So I asked Wytze and he told me: "This email address can be found in the table `email`, but with the field `deleted`. It can also be found in the table `users`, again with `deleted`." It thus showed up that the handling of the `deleted` field in the software is rather inconsistent. I suggest that this handling should be straightened in the way that an SE always can see all email addresses, domains and accounts that ever existed. If there is more than one account, in the list of the accounts to select, a flag should be added to show if it is an active account, email address or domain or if it is deleted. | ||||
Tags | No tags attached. | ||||
Reviewed by | BenBE | ||||
Test Instructions | see below https://bugs.cacert.org/view.php?id=1223#c5073 | ||||
related to | 0001259 | new | Database cleanup regarding deleted accounts |
|
I pushed a fix regarding the password reset on a deleted or blocked account to https://github.com/INOPIAE/CAcert/tree/bug-1223 |
|
This bug is split into the password recovery which is handled in this bug and the database cleanup which is handled in bug 1257. |
|
Please add some information about what needs to be tested as the description is all about the other part but not about the password recovery itself. |
|
Test instruction: try to reset a password for a locked or a deleted account. You should not be able reset the password instead there should be a message pointing to support. |
|
I pushed a new fix to To https://github.com/INOPIAE/CAcert/commit/219bfed801ea16057532a715ffda50d80d1ae459 |
|
Pushed to testserver. Please test and revie. |
|
I verified that the following accounts were neither blocked nor deleted: 285.dez13@acme.com 286.dez13@acme.com I changed the passwords successfully of both accounts to CAcert! I locked 285.dez13@acme.com successfully. When I tried to change the PW with correct entries I got: "The account is not available, please get in contact with support (support@cacert.org)." -> ok I deleted 286.dez13@acme.com successfully with the ticket number a20141111.1.1 so the new email address for this account was set to a20141111.1.1@cacert.org. When I tried to change the PW with correct entries for the email address 286.dez13@acme.com: "Unable to match your details with any user accounts on file" When I tried to change the PW with correct entries for the email address a20141111.1.1@cacert.org I got: "The account is not available, please get in contact with support (support@cacert.org)." All PW resets were done from the user interface (and not the support view). There are some inconsistencies for the behaviour if the account is present, or not. It would be good to harmonise this. => ok, as it was not possible to change the password, but should be improved. |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-11-28 10:13 | Werner Dworak | New Issue | |
2013-11-28 10:16 | Werner Dworak | Summary | Handling of deleted accounts, email addresse and domains => Handling of deleted accounts, email addresses and domains |
2013-11-28 10:16 | Werner Dworak | Description Updated | |
2014-03-16 09:28 | INOPIAE | Assigned To | => INOPIAE |
2014-03-16 10:25 | INOPIAE | Note Added: 0004646 | |
2014-03-16 10:25 | INOPIAE | Assigned To | INOPIAE => BenBE |
2014-03-16 10:25 | INOPIAE | Status | new => fix available |
2014-03-16 11:45 | INOPIAE | Relationship added | related to 0001259 |
2014-03-16 12:59 | INOPIAE | Note Added: 0004647 | |
2014-06-15 21:50 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 9312818d |
2014-06-15 21:50 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable d59eb67f |
2014-06-15 21:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable ca2c6090 |
2014-06-15 21:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable e9251f86 |
2014-06-15 21:50 | INOPIAE | Source_changeset_attached | => cacert-devel testserver-stable 6c0fa6b8 |
2014-06-15 22:30 | BenBE | Assigned To | BenBE => NEOatNHNG |
2014-06-15 22:30 | BenBE | Status | fix available => needs review & testing |
2014-06-15 22:30 | BenBE | Target Version | => 2014 Q2 |
2014-06-17 21:01 | Eva | Note Added: 0004848 | |
2014-10-28 11:32 | INOPIAE | Note Added: 0005073 | |
2014-10-28 13:13 | INOPIAE | Test Instructions | => see below https://bugs.cacert.org/view.php?id=1223#c5073 |
2014-10-28 20:13 | INOPIAE | Note Added: 0005075 | |
2014-10-28 20:16 | INOPIAE | Note Edited: 0005075 | |
2014-10-28 21:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 81900476 |
2014-10-28 21:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 73cee03f |
2014-10-29 06:39 | BenBE | Reviewed by | => BenBE |
2014-10-29 06:39 | BenBE | Note Added: 0005083 | |
2014-11-11 21:31 | Eva | Note Added: 0005102 |