Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-31427

Improve security layer to handle login by email (and email + username)

    XMLWordPrintable

    Details

    • Sprint:
      [3.0] - Sprint 24

      Description

      There are two issues regarding login by email:

      • email may not be unique,
      • you can register user with a login that resembles email and prevent login for different user.

      We need to:

      • provide Command to do the audit of User database and identify possible issues (non-unique emails already in database, or logins that resembles email if login by email is enabled),
      • provide an option to enable/disable email uniqueness during registration,
      • provide a configurable pattern option to prevent some login types during registration (like ie. ones that can be valid email).

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            slawomir.uchto@ez.no SÅ‚awomir Uchto
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: