Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 11.7-rc-1
Affects Version/s: 11.6
Component/s: Old Core, Security
Labels:
None
Environment:
Windows 10 Pro 64 bit, Firefox 68, using a local instance of XWiki 11.6 on Oracle 12c

Tests:

Unit
Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

Login as Admin
Create an user (e.g. U1)
Go to Administer Wiki > Users & Rights > Authentication
On 'Failure Strategies' select 'Disable account' and Save
Logout
Try to login with user's name (U1) and a wrong password 3 times (default setting) in order to get the message that the user's account is disabled
Login as Admin
Go to user's (U1) profile page and enable its profile
Logout
Try to login again with user's name (U1) and a wrong password

EXPECTED RESULTS

The message 'Error: Invalid credentials' is displayed. The user has 2 remaining tries until its account is disabled again.

ACTUAL RESULTS

The message that the user's account is disabled is still displayed. If logging in with Admin and go to the user's profile page, the account is disabled indeed.

However, this happens if the user does not first login successfully after its account was enabled by Admin.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWikiLogin_account_still_disabled.jpg
78 kB
06/Aug/19 12:58

Issue Links

is related to

XWIKI-16532 Add an authentication failure strategy to block user

Closed

Activity

People

Assignee:: Simon Urli

Reporter:: Ilie Andriuta

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Aug/19 12:59

Updated:: 17/Dec/19 12:58

Resolved:: 12/Aug/19 16:55

Date of First Response:: 08/Aug/19 12:55 PM