Modify

Opened 11 years ago

Closed 10 years ago

#855 closed defect (wontfix)

register a new user should be possible if some part is missing ...

Reported by: rupert thurner Owned by: Matt Good
Priority: high Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

what we do

  1. we create instances with a script calling trad-admin initenv
  2. admin permission is added via trac-admin
    trac-admin $tracprojpath permission add $adminuid $sysrole
    
  3. adminuid does NOT get created with htpasswd as the user should set his own password

the effect

  • $adminuid cannot register himself, as trac complains with "user already exists"
  • but $adminuid does not show up in the user list (so another admin cannot remove the user)
  • but $adminuid does not have an email set (so $adminuid cannot reset the password)

what could we do?

  • is it possible to set the email with the script too?
  • is it possible to allow registration of the user if he does not show up in the users list?

Attachments (0)

Change History (1)

comment:1 Changed 10 years ago by Matt Good

Resolution: wontfix
Status: newclosed

Users should not be able to register with a username that has existing permissions to prevent possible permission escalation. You probably want to add default users in the setup script instead (via the htpasswd or htdigest tools). The users can change their password after logging in the first time.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Matt Good.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.