- Issue created by @thtas
- Merge request !59Issue #3525394: Remove access check from UserAuthentication:lookupAccount query → (Open) created by thtas
- Status changed to Needs review
about 1 month ago 5:13pm 26 August 2025 - 🇨🇷Costa Rica estebanvalerio.h
@thtas I'm not able to reproduce the issue with module version 2.x-dev.
After installing it, I was able to log in with username or email.
I check the code update at https://git.drupalcode.org/project/email_registration/-/merge_requests/5... and compare it with the code on my environment, the accessCheck is set to TRUE and this wasn't a blocker to log in
Can you specify which steps to follow to reproduce the issue? Thanks - 🇦🇺Australia thtas
The issue arises when some modules need to have a say on the query access for user entities.
e.g. in my scenario, I have a site which uses the groups module which will implement query level access and is configured in such a way that users are not visible to anonymous users.
This could also happen if you used the "entity" module and implemented a query access handler for user entities.
Also, the parent call from the core class that this class extends from will also skip access checking as it uses the entity storage loadByProperties method.