[ https://issues.apache.org/jira/browse/COUCHDB-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcos Zanona updated COUCHDB-1374:
-----------------------------------

    Description: 
It seems that when creating a Server Admin and then deleting that same user 
with another admin makes the first user stay active, resulting in a no deletion 
and doesn't block the access to the old admin access.
It becomes marked as {"error":"not_found","reason":"deleted"} but still having 
access to the whole system as an admin.
Also, Futon lets you create another simple user with the same name as the 
deleted server admin without any problem, resulting in a password change for 
the old server admin, but that user will stay as a server admin even if that 
wasn't the original intention.
That is not the case for simple users, only for admin level ones.
* I have experienced this creating these users through Futon

  was:
It seems that when creating a Server Admin and then deleting that same user 
with another admin makes the first user stay active, resulting in a no deletion 
and doesn't block the access to the old admin access.
It becomes marked as  {"error":"not_found","reason":"deleted"} but still having 
access to the whole system as an admin.
Also, Futon let's you create another simple user with the same name as the 
deleted server admin without any problem, resulting and a password change for 
the old server admin, but that will still a server admin even if that wasn't 
the original intention.
That is not the case for simple users, only for admin level ones.
* I have experienced this creating these users through Futon

    
> Server Admin never gets deleted
> -------------------------------
>
>                 Key: COUCHDB-1374
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1374
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon, Infrastructure
>    Affects Versions: 1.1.1
>            Reporter: Marcos Zanona
>              Labels: admin, login, security, validation
>             Fix For: 1.2, 1.3, 1.1.2
>
>
> It seems that when creating a Server Admin and then deleting that same user 
> with another admin makes the first user stay active, resulting in a no 
> deletion and doesn't block the access to the old admin access.
> It becomes marked as {"error":"not_found","reason":"deleted"} but still 
> having access to the whole system as an admin.
> Also, Futon lets you create another simple user with the same name as the 
> deleted server admin without any problem, resulting in a password change for 
> the old server admin, but that user will stay as a server admin even if that 
> wasn't the original intention.
> That is not the case for simple users, only for admin level ones.
> * I have experienced this creating these users through Futon
