mahara-contributors team mailing list archive

[Bug 692953] [NEW] XMLRPC automatic user creation and password recovery issue

 

Public bug reported:

Something to think about. The use case is:

1. Create a user in Moodle that would have a similar username and email to one that already exists in Mahara (ensure "we auto-create the user" is set in XMLRPC settings). Say we created user "test1".
2. Log in to Mahara from Moodle; a new user with an amended username will be created (test11). At this point we have two different usernames with the same email in Mahara.
3. Now, if the original test1 forgot a password, (s)he will only be able to use username-based recovery in "Lost username/password"; entering the email will end with the error "The email address or username you entered doesn't match any users for this site".

The easiest way is probably ensuring that password recovery can be
requested for internal users only.

** Affects: mahara
     Importance: Low
     Assignee: Ruslan Kabalin (ruslan-kabalin)
         Status: New


** Tags: moodle password recovery xmlrpc

** Changed in: mahara
     Assignee: (unassigned) => Ruslan Kabalin (ruslan-kabalin)

** Changed in: mahara
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/692953

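An added sketch of the scenario in the report and of the proposed restriction to internal users; it is not Mahara code. The `usr` table layout, the `auth` column values, the sample accounts and the exactly-one-match lookup rule are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema for illustration; not Mahara's actual tables or code.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usr (username TEXT PRIMARY KEY, email TEXT, auth TEXT)")
    # Constructed accounts matching the report: the original internal user and
    # the one auto-created on XMLRPC login with an amended username.
    db.executemany("INSERT INTO usr VALUES (?, ?, ?)", [
        ("test1", "test1@example.org", "internal"),
        ("test11", "test1@example.org", "xmlrpc"),
        ("sso_only", "sso@example.org", "xmlrpc"),
    ])
    return db

def find_for_recovery(db, identifier, internal_only):
    """Return the single username eligible for a reset, or None.

    Assumed behaviour: the lookup succeeds only on exactly one match, so a
    shared email address makes an email-based request fail.
    """
    sql = "SELECT username FROM usr WHERE (username = ? OR email = ?)"
    if internal_only:
        # Proposed restriction: only locally authenticated accounts have a
        # password that this site can reset.
        sql += " AND auth = 'internal'"
    rows = db.execute(sql, (identifier, identifier)).fetchall()
    return rows[0][0] if len(rows) == 1 else None

if __name__ == "__main__":
    db = make_db()
    for ident in ("test1", "test1@example.org", "sso@example.org"):
        print(ident,
              find_for_recovery(db, ident, internal_only=False),
              find_for_recovery(db, ident, internal_only=True))
```

Two internal accounts sharing one email address would still be ambiguous under this restriction, so it only resolves collisions introduced by auto-created external users.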