View Issue Details

IDProjectCategoryView StatusLast Update
0008398Talerchallengerpublic2024-05-15 18:01
ReporterChristian Grothoff Assigned Tosebasjm  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product Versiongit (master) 
Target Version0.11Fixed in Version0.11 
Summary0008398: can keep changing e-mail indefinitively often
DescriptionEven though the counter says that I cannot change the e-mail address any more, I can change it and the form still allows me
to submit, and then I am even still asked to enter a pin!

Now, the backend (!) didn't change the e-mail address (it refused correctly), but it also didn't return an error for the form.

We should:
- return an error from the backend if the e-mail address change count was exceeded, and
- not offer the user the chance to enter another e-mail address if the counter is zero.
TagsNo tags attached.

Relationships

child of 0008419 confirmed test, package and upload challenger 0.13 to ftp and stable Debian/Ubuntu server 
child of 0008731 assignedsebasjm create spec for get challenge information and solved them 

Activities

Christian Grothoff

2024-02-14 14:27

manager   ~0021291

The challenger service *also* actually sends the e-mails, it just stops updating the DB...

Christian Grothoff

2024-02-14 15:05

manager   ~0021293

From https://www.oauth.com/oauth2-servers/server-side-apps/possible-errors/
"""
The user denies the request

If the user denies the authorization request, the server will redirect the user back to the redirect URL with error=access_denied in the query string, and no code will be present. It is up to the app to decide what to display to the user at this point.
"""
This redirection is missing in challenger!

Christian Grothoff

2024-02-17 20:44

manager   ~0021335

Should be fixed now, needs testing.

Christian Grothoff

2024-02-18 13:21

manager   ~0021338

The core logic works now. What is still not good are the MUST templates, they should show the proper details / right links depending on what is still allowed to provide proper guidance for the user through the process.

sebasjm

2024-04-22 17:51

developer   ~0022290

82b8e83ca

Issue History

Date Modified Username Field Change
2024-02-14 14:12 Christian Grothoff New Issue
2024-02-14 14:12 Christian Grothoff Status new => assigned
2024-02-14 14:12 Christian Grothoff Assigned To => sebasjm
2024-02-14 14:27 Christian Grothoff Assigned To sebasjm => Christian Grothoff
2024-02-14 14:27 Christian Grothoff Note Added: 0021291
2024-02-14 15:05 Christian Grothoff Note Added: 0021293
2024-02-16 22:32 Christian Grothoff Target Version 0.10 => 0.11
2024-02-16 22:46 Christian Grothoff Relationship added child of 0008419
2024-02-17 20:44 Christian Grothoff Note Added: 0021335
2024-02-18 13:21 Christian Grothoff Note Added: 0021338
2024-02-18 13:21 Christian Grothoff Assigned To Christian Grothoff => sebasjm
2024-04-15 11:13 Christian Grothoff Relationship added child of 0008731
2024-04-22 17:51 sebasjm Status assigned => resolved
2024-04-22 17:51 sebasjm Resolution open => fixed
2024-04-22 17:51 sebasjm Note Added: 0022290
2024-05-15 17:53 Christian Grothoff Fixed in Version => 0.11
2024-05-15 18:01 Christian Grothoff Status resolved => closed