  1. OpenAM
  2. OPENAM-12731

forgottenPassword request sends email to Inactive user

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.5.1, 5.5.1
    • Fix Version/s: None
    • Component/s: self-service, XUI

      Description

      Bug description

      When a user marked as Inactive clicks Forgot Password? and enters their email address, an email is sent to the user's email address. 

      How to reproduce the issue

      1. Create User Self Service for Forgotten Password
      2. Create Email Service
      3. Create a subject and ensure the subject has an email address. Mark as Inactive.
      4. Click Forgot Password? and use email for Inactive account.

      Expected behaviour

      AM should not send an email to the Inactive user.

      Current behaviour

      AM sends an email to the Inactive user. AM does, however, return a 403 Forbidden at the point the user follows the emailed link and enters a new password.

            People

            • Assignee:
              Unassigned
              Reporter:
              aaron.haskins Aaron Haskins