View Issue Details

IDProjectCategoryView StatusLast Update
0022746mantisbtauthenticationpublic2017-04-22 02:40
ReportervboctorAssigned Tovboctor 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.3.1 
Target Version2.3.2Fixed in Version2.3.2 
Summary0022746: Lost password redirects to login page if email address is empty and anonymous access is disabled
Description

As part of evaluating whether the email address is valid or not, the code ends up redirecting the user to login page due to a call to get a user id while no user is authenticated.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master-2.3 9c9297e2

2017-04-19 11:40:51

vboctor

Details Diff
Lost password email validation fix

This was caused when:
- anonymous authentication is OFF.
- email address is left empty.

This caused calling auth_get_current_user_id() when no user is authenticated
which causes user to get redirected to login page and then get directed to
lost password action page, which then complains that there is no valid form
security token.

The correct behavior is to prompt an error message that email address is invalid.

Fixes 0022746
mod - core/current_user_api.php Diff File

Issue History

Date Modified Username Field Change
2017-04-19 11:36 vboctor New Issue
2017-04-19 11:42 vboctor Assigned To => vboctor
2017-04-19 11:42 vboctor Status new => assigned
2017-04-19 11:42 vboctor Note Added: 0056622
2017-04-22 02:40 vboctor Changeset attached => MantisBT master-2.3 9c9297e2
2017-04-22 02:40 vboctor Status assigned => resolved
2017-04-22 02:40 vboctor Resolution open => fixed
2017-04-22 02:40 vboctor Fixed in Version => 2.3.2