[gatein-issues] [JBoss JIRA] (GTNPORTAL-3592) Can login to root after try login to disabled user via OAuth

Tuyen Nguyen The (JIRA) issues at jboss.org
Wed Jun 10 04:07:03 EDT 2015


Tuyen Nguyen The created GTNPORTAL-3592:
-------------------------------------------

             Summary: Can login to root after try login to disabled user via OAuth
                 Key: GTNPORTAL-3592
                 URL: https://issues.jboss.org/browse/GTNPORTAL-3592
             Project: GateIn Portal
          Issue Type: Bug
            Reporter: Tuyen Nguyen The
            Assignee: Tuyen Nguyen The


Steps to reproduce:
- Enable OAuth following [these docs|https://docs.jboss.org/author/display/GTNPORTAL36/OAuth+-+Authentication+with+social+network+accounts]
- Start GateIn
- Register a new account with Facebook (new username is "gatein")
- New user is created and logged in => OK
- Sign out the user, then log in as root
- Go to User Management and disable the created user (user "gatein")
- Sign out root
- Click on the login link, then choose login with Facebook (use the Facebook account that was used to create the "gatein" user)
- User is redirected to the login page with the message "gatein Sign in failed. User is disabled." => OK
- Now, enter root and a random password into the login form on this login page, then submit the form
- User root is logged in => NOK

The root cause is in OauthLoginModule: we only check whether there is a user mapped with OAuth in AuthenticationRegistry, and if so we return true => it marks the username/password as correct (even when other login modules return false).
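
The following is an added illustration, not GateIn's code: a constructed model of the two login paths in the report, with a Map standing in for AuthenticationRegistry and a fixed set of disabled users. It shows why a stale OAuth mapping must be bound to the submitted username, checked against the disabled flag and consumed, so a later form submission under another name falls through to the password check.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Constructed model of the login module logic described in the issue.
// Names ("gatein", "root") come from the report; the registry and the
// disabled set are stand-ins, not the portal's real classes.
public class OAuthLoginCheck {
    // Hypothetical stand-in for AuthenticationRegistry: session id -> OAuth-mapped user.
    static final Map<String, String> REGISTRY = new HashMap<>();
    // Users disabled in User Management.
    static final Set<String> DISABLED = Set.of("gatein");

    // Flawed logic as described: any OAuth-mapped user left in the registry
    // makes login() succeed, whatever name was typed into the login form.
    static boolean loginFlawed(String session, String formUser) {
        return REGISTRY.containsKey(session);
    }

    // Hardened logic: the module only vouches for the identity it actually
    // authenticated, refuses disabled users, and consumes the registry entry
    // (success or not) so a stale mapping cannot vouch for a later attempt.
    static boolean loginFixed(String session, String formUser) {
        String mapped = REGISTRY.remove(session);
        if (mapped == null) return false;            // not an OAuth flow: let other modules decide
        if (!mapped.equals(formUser)) return false;  // submitted name is not the OAuth identity
        return !DISABLED.contains(mapped);           // "Sign in failed. User is disabled."
    }

    public static void main(String[] args) {
        String session = "session-1";  // constructed session id
        // The Facebook callback for the disabled user "gatein" populates the registry,
        // then the user submits "root" with a random password on the login page.
        REGISTRY.put(session, "gatein");
        System.out.println("flawed module accepts root: " + loginFlawed(session, "root"));
        REGISTRY.put(session, "gatein");
        System.out.println("fixed module accepts root:  " + loginFixed(session, "root"));
        // Regular OAuth login for an enabled user still works with the fixed module.
        REGISTRY.put(session, "alice");  // constructed enabled user
        System.out.println("fixed module accepts alice: " + loginFixed(session, "alice"));
    }
}
```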



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)