From issues at jboss.org Wed Jun 10 04:07:03 2015
From: issues at jboss.org (Tuyen Nguyen The (JIRA))
Date: Wed, 10 Jun 2015 04:07:03 -0400 (EDT)
Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-3592) Can login to root after try login to disabled user via OAuth
In-Reply-To:
References:
Message-ID:

Tuyen Nguyen The created GTNPORTAL-3592:
-------------------------------------------

             Summary: Can login to root after try login to disabled user via OAuth
                 Key: GTNPORTAL-3592
                 URL: https://issues.jboss.org/browse/GTNPORTAL-3592
             Project: GateIn Portal
          Issue Type: Bug
            Reporter: Tuyen Nguyen The
            Assignee: Tuyen Nguyen The

Steps to reproduce:
- Enable oauth following [this docs|https://docs.jboss.org/author/display/GTNPORTAL36/OAuth+-+Authentication+with+social+network+accounts]
- Start gatein
- Register new account with Facebook (new username is "gatein")
- New user is created and logged in => OK
- Sign out user then login to root
- Go to User Management then disable the created user (user "gatein")
- Sign out root
- Click on login link then choose login with Facebook (use the facebook account which used to create "gatein" user)
- User will be redirected to login page with message "gatein Sign in failed. User is disabled." => OK
- Now, enter root and random password to login form in this login page then submit form
- User root is logged in => NOK

The root cause is in OauthLoginModule, we only check if there is user mapped with oauth in AuthenticationRegistry then we will return true => It marks username/password is correct (even if other login modules return false)

--
This message was sent by Atlassian JIRA (v6.3.15#6346)

From issues at jboss.org Wed Jun 10 04:41:01 2015
From: issues at jboss.org (Tuyen Nguyen The (JIRA))
Date: Wed, 10 Jun 2015 04:41:01 -0400 (EDT)
Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-3592) Can login to root after try login to disabled user via OAuth
In-Reply-To:
References:
Message-ID:

[ https://issues.jboss.org/browse/GTNPORTAL-3592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tuyen Nguyen The updated GTNPORTAL-3592:
----------------------------------------
              Status: Pull Request Sent  (was: Open)
    Git Pull Request: https://github.com/gatein/gatein-portal/pull/939

> Can login to root after try login to disabled user via OAuth
> ------------------------------------------------------------
>
>                 Key: GTNPORTAL-3592
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-3592
>             Project: GateIn Portal
>          Issue Type: Bug
>            Reporter: Tuyen Nguyen The
>            Assignee: Tuyen Nguyen The
>
> Steps to reproduce:
> - Enable oauth following [this docs|https://docs.jboss.org/author/display/GTNPORTAL36/OAuth+-+Authentication+with+social+network+accounts]
> - Start gatein
> - Register new account with Facebook (new username is "gatein")
> - New user is created and logged in => OK
> - Sign out user then login to root
> - Go to User Management then disable the created user (user "gatein")
> - Sign out root
> - Click on login link then choose login with Facebook (use the facebook account which used to create "gatein" user)
> - User will be redirected to login page with message "gatein Sign in failed. User is disabled." => OK
> - Now, enter root and random password to login form in this login page then submit form
> - User root is logged in => NOK
> The root cause is in OauthLoginModule, we only check if there is user mapped with oauth in AuthenticationRegistry then we will return true => It marks username/password is correct (even if other login modules return false)

--
This message was sent by Atlassian JIRA (v6.3.15#6346)

From issues at jboss.org Mon Jun 15 04:01:04 2015
From: issues at jboss.org (James Martin (JIRA))
Date: Mon, 15 Jun 2015 04:01:04 -0400 (EDT)
Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-1554) Remove portlet from appication registry after the web app has removed
In-Reply-To:
References:
Message-ID:

[ https://issues.jboss.org/browse/GTNPORTAL-1554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13078784#comment-13078784 ]

James Martin commented on GTNPORTAL-1554:
-----------------------------------------

These steps are very helpful for me to reproduce the web app. (http://www.cygnismedia.com/web-application/) this page is also support me to learn this method.

> Remove portlet from appication registry after the web app has removed
> ---------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1554
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-1554
>             Project: GateIn Portal
>          Issue Type: Bug
>    Affects Versions: 3.1.0-GA
>            Reporter: Khoi Nguyen
>            Assignee: Khoi Nguyen
>              Labels: review_julien
>
> After a web app has removed, application registry should also remove the related portlet and category from list

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
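
Added example for the GTNPORTAL-3592 root cause reported earlier in this archive (not GateIn source code and not taken from the pull request): a simplified model of a login module that accepts whenever the session holds an OAuth-mapped user, next to a variant that binds the entry to the submitted username. The class, the maps standing in for AuthenticationRegistry and the user store, the either-module-accepts stacking and the hardening itself are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration: a simplified model of the reported logic, not GateIn source code.
public class OauthLoginSketch {
    // Stand-in for AuthenticationRegistry: HTTP session id -> user mapped by an OAuth handshake.
    static final Map<String, String> oauthUserBySession = new HashMap<>();
    static final Set<String> disabledUsers = Set.of("gatein");             // constructed sample data
    static final Map<String, String> passwords = Map.of("root", "s3cret"); // constructed sample data

    // Stand-in for the password-checking login module.
    static boolean passwordModule(String user, String password) {
        return password.equals(passwords.get(user)) && !disabledUsers.contains(user);
    }

    // Reported pattern: a mapped OAuth user in the session is enough, whoever the form names.
    static boolean flawedOauthModule(String session, String formUser) {
        return oauthUserBySession.containsKey(session);
    }

    // Hardened variant (assumption): consume the entry, bind it to the submitted name,
    // and refuse disabled accounts.
    static boolean hardenedOauthModule(String session, String formUser) {
        String mapped = oauthUserBySession.remove(session);
        return mapped != null && mapped.equals(formUser) && !disabledUsers.contains(mapped);
    }

    // Assumed stacking: the login succeeds when either module accepts.
    static boolean login(boolean oauthResult, String user, String password) {
        return oauthResult || passwordModule(user, password);
    }

    public static void main(String[] args) {
        String session = "session-1";
        oauthUserBySession.put(session, "gatein"); // left behind by the rejected Facebook login
        boolean flawed = login(flawedOauthModule(session, "root"), "root", "wrong-password");
        boolean hardened = login(hardenedOauthModule(session, "root"), "root", "wrong-password");
        System.out.println("flawed module admits root:   " + flawed);
        System.out.println("hardened module admits root: " + hardened);
    }
}
```

A regression test for this class of bug replays the form login in a session that still carries a rejected OAuth mapping and asserts that authentication fails.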