Auth: Canlogin process broken #454

@oyeaussie

Description

When a user is added via accounts and you select Login permission via app settings, the user is able to log in even if their role is not allowed to log in by the settings in the app.

Example: add a user and assign the role as registered users. The core app does not have registered users permission to log in, yet the user is still able to log in.

######## Issue imported from Gitea ########

Details

Gitea Issue ID : 517
State : open
Created : 2024-04-12T22:28:07+10:00

Timeline

Label : Added P2 on 2024-04-12T22:28:07+10:00.
Label : Added Securitybug on 2024-04-12T22:28:07+10:00.
