The reactivate link never expires.

Created on 16 October 2023, about 1 year ago
Updated 9 November 2023, about 1 year ago

Problem/Motivation

The reactivate link sent in the user-blocked email never expires. As a result, a user can reactivate the account at any time in the future, as long as the last login time hasn't changed, even if the account is blocked again.

Steps to reproduce

  1. Block a user and have this module send out the user-blocked email.
  2. Use the reactivate link sent in the email to unblock the user. Now the user is unblocked.
  3. Log in as an admin user.
  4. Go to the people admin page (/admin/people).
  5. Block the same user again on this page.
  6. Log out as the admin user.
  7. Use the same reactivate link from step 2 to unblock the user as an anonymous user.
  8. The user is unblocked.

Proposed resolution

Expire a reactivate link once it has been used. As with the reset password link, a user can't use that link more than once.

Remaining tasks

PHPUnit test script.

User interface changes

N/A

API changes

N/A

Data model changes

Maybe.

📌 Task
Status

Fixed

Version

2.0

Component

Code

Created by

🇦🇺 Australia mingsong
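The replay from the steps to reproduce, and one way to close it, as an added example that is not the module's own code: a token that depends only on the uid and last login time is still accepted after the account is blocked a second time, while a token also bound to the time of the block and given a maximum age is rejected. The function names, the `blocked_at` field, the secret and the 24-hour lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed values for illustration; not taken from the module.
const SECRET = 'constructed-example-secret';
const MAX_AGE = 86400; // Assumed 24-hour lifetime for a reactivate link.

// Model of the reported behaviour: the token depends only on uid and last login.
function weak_token(array $u, int $ts): string {
  return hash_hmac('sha256', "$ts:{$u['uid']}:{$u['login']}", SECRET);
}

// Hardened form: the token is also bound to the block it was issued for.
function strong_token(array $u, int $ts): string {
  return hash_hmac('sha256', "$ts:{$u['uid']}:{$u['login']}:{$u['blocked_at']}", SECRET);
}

function link_valid(array $u, int $ts, string $token, int $now, bool $hardened): bool {
  if ($u['status'] !== 0) {
    return false; // Account is not blocked, nothing to reactivate.
  }
  if ($hardened && ($ts > $now || $now - $ts > MAX_AGE)) {
    return false; // Link is future-dated or older than the allowed lifetime.
  }
  $expected = $hardened ? strong_token($u, $ts) : weak_token($u, $ts);
  return hash_equals($expected, $token); // Constant-time comparison.
}

// Hypothetical helper: blocking records when the block happened.
function block(array $u, int $now): array {
  return ['status' => 0, 'blocked_at' => $now] + $u;
}

$t0 = 1700000000; // Constructed timestamps.
$user = block(['uid' => 7, 'login' => 1690000000, 'status' => 1, 'blocked_at' => 0], $t0);
$weak = weak_token($user, $t0);
$strong = strong_token($user, $t0);

// Step 2: the link from the email is used once and the account is unblocked.
echo 'first use, hardened: ', var_export(link_valid($user, $t0, $strong, $t0 + 60, true), true), "\n";
$user['status'] = 1;

// Steps 5-7: an admin blocks the account again and the old link is replayed.
$user = block($user, $t0 + 3600);
echo 'replay, weak: ', var_export(link_valid($user, $t0, $weak, $t0 + 3660, false), true), "\n";
echo 'replay, hardened: ', var_export(link_valid($user, $t0, $strong, $t0 + 3660, true), true), "\n";
```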
