Modify

Opened 8 years ago

Closed 7 years ago

#855 closed defect (wontfix)

register a new user should be possible if some part is missing ...

Reported by: ThurnerRupert Owned by: mgood
Priority: high Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

what we do

  1. we create instances with a script calling trad-admin initenv
  2. admin permission is added via trac-admin
    trac-admin $tracprojpath permission add $adminuid $sysrole
    
  3. adminuid does NOT get created with htpasswd as the user should set his own password

the effect

  • $adminuid cannot register himself, as trac complains with "user already exists"
  • but $adminuid does not show up in the user list (so another admin cannot remove the user)
  • but $adminuid does not have an email set (so $adminuid cannot reset the password)

what could we do?

  • is it possible to set the email with the script too?
  • is it possible to allow registration of the user if he does not show up in the users list?

Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by mgood

  • Resolution set to wontfix
  • Status changed from new to closed

Users should not be able to register with a username that has existing permissions to prevent possible permission escalation. You probably want to add default users in the setup script instead (via the htpasswd or htdigest tools). The users can change their password after logging in the first time.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.