When cancelling a user account, an administrator has the option to require email confirmation to cancel the account. This can be optionally checked.
The user in question receives a unique link to then cancel their account. This does not work correctly for said user if they are logged out of the CMS, instead they see a 403 page. However, when logged into the CMS as the user in question the link works correctly and their account is disabled.
Needs work
11.0 π₯
Last updated
After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.
The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Maybe we can refactor this cancel confirm route so it asks your password one last time.
Something like changing the link form cancellation_url to /user/login?destination=cancellation_url, which should transparently
?