couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcos Zanona (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COUCHDB-1374) Server Admin never gets deleted
Date Thu, 05 Jan 2012 11:37:40 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Marcos Zanona updated COUCHDB-1374:
-----------------------------------

    Description: 
It seems that when creating a Server Admin and then deleting that same user with another admin
makes the first user stay active, resulting in a no deletion and doesn't block the access
to the old admin access.
It becomes marked as  {"error":"not_found","reason":"deleted"} but still having access to
the whole system as an admin.
Also, Futon let's you create another simple user with the same name as the deleted server
admin without any problem, resulting on a password change for the old server admin, but that
user will stay as a server admin even if that wasn't the original intention.

* I have experienced this creating these users through Futon by using the "Setup more admins"
popup

  was:
It seems that when creating a Server Admin and then deleting that same user with another admin
makes the first user stay active, resulting in a no deletion and doesn't block the access
to the old admin access.
It becomes marked as  {"error":"not_found","reason":"deleted"} but still having access to
the whole system as an admin.
Also, Futon let's you create another simple user with the same name as the deleted server
admin without any problem, resulting on a password change for the old server admin, but that
user will stay as a server admin even if that wasn't the original intention.
That is not the case for simple users, only for admin level ones.
* I have experienced this creating these users through Futon

    
> Server Admin never gets deleted
> -------------------------------
>
>                 Key: COUCHDB-1374
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1374
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon, Infrastructure
>    Affects Versions: 1.1.1
>            Reporter: Marcos Zanona
>              Labels: admin, login, security, validation
>             Fix For: 1.2, 1.3, 1.1.2
>
>
> It seems that when creating a Server Admin and then deleting that same user with another
admin makes the first user stay active, resulting in a no deletion and doesn't block the access
to the old admin access.
> It becomes marked as  {"error":"not_found","reason":"deleted"} but still having access
to the whole system as an admin.
> Also, Futon let's you create another simple user with the same name as the deleted server
admin without any problem, resulting on a password change for the old server admin, but that
user will stay as a server admin even if that wasn't the original intention.
> * I have experienced this creating these users through Futon by using the "Setup more
admins" popup

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message