Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Unable to log in when email and password pair overlap #250

Closed
yuki-takei opened this issue Jul 23, 2017 · 0 comments · Fixed by #257
Closed

Bug: Unable to log in when email and password pair overlap #250

yuki-takei opened this issue Jul 23, 2017 · 0 comments · Fixed by #257
Labels
Bug

Comments

@yuki-takei
Copy link
Contributor

yuki-takei commented Jul 23, 2017
edited

Environment

  • [crowi] 1.6.2

How to reproduce? (再現手順)

  1. Register user1
    • email: user1@example.com
    • password: password1
  2. Register user2
    • email: user2@example.com
    • password: password2
  3. Login with user1@example.com (logged in as user1) and modify credentials
    1. Go to /me and change e-mail to user2@example.com
    2. Go to /me/password and change password to password2
  4. Logout
  5. Login with user2@example.com and password2 pair

What happens? (症状)

  • user1 can log in
    • userSchema.statics.findUserByEmailAndPassword picks the old one
  • user2 is unable to log in until user1 modify e-mail or password

What is the expected result? (期待される動作)

  • user1 cannot modify e-mail to user2@example.com
    • should be checked whether the e-mail is reserved

Note
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added confirmation of existence of email when updating user info crowi/crowi
2 participants
@yuki-takei @hiroppy