Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-5430

Always check the Active setting on user accounts

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Duplicate
    • Major
    • None
    • 2.5 M2
    • Old Core
    • None
    • Unknown

    Description

      By default, xwiki doesn't verify if the user that logs in has an active or inactive state.
      With this behavior, an inactive user can log in, and simply browse through the content without no restrictions.
      Even more, it can use applications like Invitation application, and spam or invite unintended people to register to xwiki.

      The check to see if the logging uses is active should be mandatory, without having to set
      "Check Active fields for user authentication" accessible from Administer Wiki -> Registration.

      Attachments

        Issue Links

          Activity

            People

              tmortagne Thomas Mortagne
              sorinello Sorin Burjan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: