Ticket #855 (closed defect: wontfix)

Opened 2 years ago

Last modified 2 years ago

register a new user should be possible if some part is missing ...

Reported by: ThurnerRupert Assigned to: mgood
Priority: high Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

what we do

  1. we create instances with a script calling trad-admin initenv
  2. admin permission is added via trac-admin 
    trac-admin $tracprojpath permission add $adminuid $sysrole
  3. adminuid does NOT get created with htpasswd as the user should set his own password

the effect

  • $adminuid cannot register himself, as trac complains with "user already exists"
  • but $adminuid does not show up in the user list (so another admin cannot remove the user)
  • but $adminuid does not have an email set (so $adminuid cannot reset the password)

what could we do?

  • is it possible to set the email with the script too?
  • is it possible to allow registration of the user if he does not show up in the users list?

Attachments

Change History

02/28/07 21:42:22 changed by mgood

  • status changed from new to closed.
  • resolution set to wontfix.

Users should not be able to register with a username that has existing permissions to prevent possible permission escalation. You probably want to add default users in the setup script instead (via the htpasswd or htdigest tools). The users can change their password after logging in the first time.

Add/Change #855 (register a new user should be possible if some part is missing ...)




Change Properties
Action