Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocked user can still login by using the forgot password feature #10776

Closed
hanguyenmgt opened this issue Aug 22, 2021 · 1 comment · Fixed by #10787
Closed

Blocked user can still login by using the forgot password feature #10776

hanguyenmgt opened this issue Aug 22, 2021 · 1 comment · Fixed by #10787
Labels
issue: bug Issue reporting a bug issue: security Issue reporting a security problem severity: medium If it breaks the basic use of the product but can be worked around source: plugin:users-permissions Source is plugin/users-permissions package status: confirmed Confirmed by a Strapi Team member or multiple community members
Projects
[Experiment] Issue Board

Comments

@hanguyenmgt
Copy link

hanguyenmgt commented Aug 22, 2021
edited
Loading

Bug report

Describe the bug

Blocked user can still login by using the forgot password feature

Steps to reproduce the behavior

  1. Open the forgot password page
  2. Submit with an email of a blocked account
  3. Click on the reset password link from the reset password email
  4. Enter a valid password and confirm password
  5. Submit and check

Expected behavior

Blocked user shouldn't be able to send forgot password request

Screenshots

If applicable, add screenshots to help explain your problem.

Code snippets

If applicable, add code samples to help explain your problem.

System

  • Node.js version: v14.15.3
  • NPM version: 6.14.11
  • Strapi version: v3.6.6
  • Database: postgre
  • Operating system: Ubuntu

Additional context

Add any other context about the problem here.
@derrickmehaffy derrickmehaffy added severity: medium If it breaks the basic use of the product but can be worked around source: plugin:users-permissions Source is plugin/users-permissions package status: confirmed Confirmed by a Strapi Team member or multiple community members issue: bug Issue reporting a bug issue: security Issue reporting a security problem labels Aug 23, 2021
@derrickmehaffy derrickmehaffy added this to To Review in [Experiment] Issue Board via automation Aug 23, 2021
@derrickmehaffy
Copy link
Member

Confirmed on v3.6.7

@derrickmehaffy derrickmehaffy mentioned this issue Aug 23, 2021
Merged
[Experiment] Issue Board automation moved this from To Review to Fixed Aug 24, 2021
@Bhanditz Bhanditz mentioned this issue Nov 26, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue: bug Issue reporting a bug issue: security Issue reporting a security problem severity: medium If it breaks the basic use of the product but can be worked around source: plugin:users-permissions Source is plugin/users-permissions package status: confirmed Confirmed by a Strapi Team member or multiple community members
Projects
No open projects
[Experiment] Issue Board
Fixed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix blocked users being able to sign in using forgot password strapi/strapi
2 participants
@derrickmehaffy @hanguyenmgt