Skip to content

Auth: Canlogin process borken #454

New issue
New issue
Closed
#550
Closed
Auth: Canlogin process borken#454
#550
Assignees
oyeaussie
Labels
P2If not fixed, how will I sleep tonightSecuritybugAnd... you got hacked because of this
Milestone
0.0.0-rc.6
@oyeaussie

Description

@oyeaussie
oyeaussie
opened on Jul 6, 2024

When a user is added via accounts and you select Login permission via app settings, user is able to login even if their role is not allowed to login settings in app.

Example, add a user and assign role as registered users. Core app does not have registered users permission to login, still the user is able to login.

######## Issue imported from Gitea ########

Details

Gitea Issue ID : 517
State : open
Created : 2024-04-12T22:28:07+10:00

Issue Description

When a user is added via accounts and you select Login permission via app settings, user is able to login even if their role is not allowed to login settings in app.

Example, add a user and assign role as registered users. Core app does not have registered users permission to login, still the user is able to login.

Timeline

Label : Added P2 on 2024-04-12T22:28:07+10:00.
Label : Added Securitybug on 2024-04-12T22:28:07+10:00.

Metadata

Metadata

Assignees

Labels

P2If not fixed, how will I sleep tonightSecuritybugAnd... you got hacked because of this

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions