Patch for "1.6_STABLE" branch: https://reviews.mahara.org/3160
https://bugs.launchpad.net/bugs/1284876

Title:
  Suspended users can log in via password reset email

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.6 series:
  In Progress
Status in Mahara 1.7 series:
  In Progress
Status in Mahara 1.8 series:
  Fix Committed
Status in Mahara 1.9 series:
  Fix Committed

Bug description:
  To replicate:

  1. Suspend a user account
  2. Log out
  3. Click on the "forgot password" link, and enter the username for the suspended user
  4. Receive the password reset email for that user, click on the link
  5. The link takes you to the password reset screen. Fill in a new password there and click the submit button

  Expected Result: You should see the screen that says "Your account has been suspended as of Wednesday, 26 February 2014. The reason for your suspension is: %s"

  Actual Result: You are logged in!

  The good news is that you don't seem to be able to interact with anybody. All attempts to send messages or create content give an error message which includes the account suspension message and reason. However, you can still read other people's content, and I haven't exhaustively checked for all modes of interaction, so there still might be something malicious you can do.
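
The flaw reported above, as an added example that is not Mahara's code and not taken from the linked patch: a small Python model in which the password-reset path creates a session without the suspension check that the normal login path applies, next to a variant that routes both paths through one gate. All class, method and field names are hypothetical, and the user record is constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


class AccountSuspended(Exception):
    """Raised instead of creating a session for a suspended account."""


@dataclass
class User:
    username: str
    password: str  # plaintext only to keep the model short; store a hash in real code
    suspended_reason: Optional[str] = None


class Auth:
    def __init__(self, users):
        self.users = {u.username: u for u in users}
        self.reset_tokens = {}  # single-use reset token -> username
        self.sessions = set()   # usernames with an active session

    def _establish_session(self, user):
        # Single gate: every path that ends in "logged in" must pass through here.
        if user.suspended_reason is not None:
            raise AccountSuspended(user.suspended_reason)
        self.sessions.add(user.username)

    def login(self, username, password):
        user = self.users.get(username)
        if user is None or not secrets.compare_digest(
                user.password.encode(), password.encode()):
            return False
        self._establish_session(user)
        return True

    def request_reset(self, username):
        token = secrets.token_urlsafe(16)
        self.reset_tokens[token] = username
        return token

    def reset_password_flawed(self, token, new_password):
        # Behaviour described in the report: the reset handler logs the user
        # in directly, so the suspension check in the login path never runs.
        user = self.users[self.reset_tokens.pop(token)]
        user.password = new_password
        self.sessions.add(user.username)

    def reset_password_fixed(self, token, new_password):
        # Assumption: storing the new password for a suspended account is
        # acceptable; the session is what must be refused.
        user = self.users[self.reset_tokens.pop(token)]
        user.password = new_password
        self._establish_session(user)
```

A regression test for this class of bug exercises every entry point that can create a session (password login, reset link, and any other login mechanism the application has) against a suspended account.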