Mahara to ask for password before self-deleting account

Bug #1758801 reported by Kristina Hoeppner on 2018-03-26
Affects: Mahara
Importance: Wishlist
Assigned to: Robert Lyon

Bug Description

Follow-on from bug #1422492

When a user clicks the "Delete account" button, they should be asked for their password before initiating the direct account deletion or requesting the account deletion (possible from 18.04 onwards).

information type: Public → Public Security
Robert Lyon (robertl-9) on 2018-03-26
Changed in mahara:
assignee: nobody → Robert Lyon (robertl-9)
status: Confirmed → In Progress

We'll need to think a bit more about this with SSO in mind.

Changed in mahara:
milestone: 18.10.0 → 19.04.0
Steven (stevens-q) wrote :

Environment tested: Master
Browser tested: Chrome

Preconditions:
1. User exists

Test Steps:
1. User is logged in
2. User browses to User menu > Settings > Preferences
3. Confirm that there is a Delete account button located top right on page
4. Click the Delete account button
5. Confirm user is redirected to the Delete account page ✔
6. Confirm there is a warning message displayed ✔
7. Confirm a required current password field is displayed ✔
8. Enter a correct password in the field
9. Click the delete button
10. Confirm that user is logged out ✔
11. Confirm that the following confirmation message is displayed "Your account has been deleted." ✔

Catalyst QA Approved ✔

Steven (stevens-q) wrote :

Bug Title: Required field not visually evident when deleting account

Bug Summary: The required current password field is not visually evident when deleting account
===========================================

Environment tested: Master
Browser tested: Chrome

Preconditions:
1. User exists

Test Steps:
1. User logged in
2. User browses to User menu > Settings > Preferences
3. User clicks the Delete account button (top of Page)

Actual result: The current password field does not have the * next to the field label indicating that it is a required field

Expected result: The current password field label should have the "*" next to the field label indicating that it is a required field

Steven (stevens-q) wrote :

Bug Fixed - The current password field label has the "*" next to the field label indicating that it is a required field

Catalyst QA Approved ✔

Reviewed: https://reviews.mahara.org/8726
Committed: https://git.mahara.org/mahara/mahara/commit/b31c665260114ef31abc87e234d47af698c49eef
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit b31c665260114ef31abc87e234d47af698c49eef
Author: Robert Lyon <email address hidden>
Date: Tue Mar 27 11:36:54 2018 +1300

Bug 1758801: Force self deleting user to confirm with their password

When on account/delete.php page and
site setting "Review account before self-deletion" is off

behatnotneeded

Change-Id: Iee3309ae531583756ecf1f610811b9c20c1f2469
Signed-off-by: Robert Lyon <email address hidden>
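
The behaviour this report asks for, as an added PHP example; it is not Mahara's code and is not taken from the commit above. The function, constants and in-memory store are hypothetical, and giving accounts without a local password hash their own result is an assumption, since the report leaves the SSO case open.

```php
<?php
declare(strict_types=1);
// Added example, not Mahara code: every name below is hypothetical.

const DELETED = 'deleted';              // direct deletion, user logged out
const REQUESTED = 'deletion_requested'; // queued for review
const REJECTED = 'password_rejected';
const NO_LOCAL_PASSWORD = 'no_local_password';

/**
 * Gate self-deletion on the current password.
 * $user: ['id' => int, 'hash' => ?string], hash produced by password_hash()
 * $reviewFirst: the "Review account before self-deletion" site setting
 * $store / $session: in-memory stand-ins for the database and login session
 */
function self_delete(array $user, string $password, bool $reviewFirst,
                     array &$store, array &$session): string
{
    // Assumption: an account authenticated externally (SSO) has no local hash,
    // so it gets its own result instead of passing or failing the check.
    if (empty($user['hash'])) {
        return NO_LOCAL_PASSWORD;
    }
    // Required field: an empty value is rejected before any state changes.
    if ($password === '' || !password_verify($password, $user['hash'])) {
        return REJECTED;
    }
    if ($reviewFirst) {
        $store['pending'][] = $user['id'];
        return REQUESTED;
    }
    unset($store['users'][$user['id']]);
    $session = [];                      // deletion ends the login session
    return DELETED;
}

// Constructed sample data.
$alice = ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)];
$sso   = ['id' => 8, 'hash' => null];
$store = ['users' => [7 => $alice, 8 => $sso], 'pending' => []];
$session = ['userid' => 7];

foreach ([[$alice, '', false], [$alice, 'guess', false], [$sso, 'x', false],
          [$alice, 'correct horse', true], [$alice, 'correct horse', false]] as [$u, $pw, $review]) {
    echo self_delete($u, $pw, $review, $store, $session), PHP_EOL;
}
echo 'users left: ', implode(',', array_keys($store['users'])), PHP_EOL;
```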

Robert Lyon (robertl-9) on 2018-11-01
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
importance: High → Wishlist
tags: added: nominatedfeature
Changed in mahara:
status: Fix Committed → Fix Released