Vés al contingut principal

Configuració de les galetes

Fem servir galetes per assegurar les funcionalitats bàsiques del lloc web i per a millorar la teva experiència en línia. Pots configurar i acceptar l'ús de galetes, i modificar les teves opcions de consentiment en qualsevol moment.

Essencials

Preferències

Analítiques i estadístiques

Màrqueting

This proposal has been implemented

This incidence has been solved. Closed via #5318

Thank you for contributing!

[Critical] Managed users with same name "steals" other person's identity

Avatar: AH AH Finished
When a Decidim instance has a form authorization handler, it allows the admin users to "steal" existing managed users' identities with the name (even if the authorization is unique). This is due to these lines in the core code: https://git.io/fjhef On these lines, the system assumes the user's name field is unique within the organization's managed users. If a managed user with the same name has been created, that user account will be taken into control. It should not be assumed that all users have a unique name. The admin users can easily go wrong, as the field says "Name", so it guides the admin users to fill in the person's name. There can be multiple people with the same name, so it should not be assumed that the name is a unique identifier to the person. Any Decidim instance with form authorization handlers defined is affected. Found on Helsinki testing instance. This bug was discovered during Helsinki user testing. Thank you @katjah for reporting this.
Comentari

Confirmar

Si us plau, inicia la sessió

La contrasenya és massa curta.

Compartir