Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-5430

Always check the Active setting on user accounts

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Duplicate
    • Major
    • None
    • 2.5 M2
    • Old Core
    • None
    • Unknown

    Description

      By default, xwiki doesn't verify if the user that logs in has an active or inactive state.
      With this behavior, an inactive user can log in, and simply browse through the content without no restrictions.
      Even more, it can use applications like Invitation application, and spam or invite unintended people to register to xwiki.

      The check to see if the logging uses is active should be mandatory, without having to set
      "Check Active fields for user authentication" accessible from Administer Wiki -> Registration.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-12653 Check user active/inactive status by default and remove the option to disable it

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is duplicated by

          Task - A task that needs to be done. XWIKI-6300 Remove "Check Active fields for user authentication" dropdown from Registration area

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              sorinello Sorin Burjan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: