User may register without validating the email address

Bug #667899 reported by Natalia Bidart on 2010-10-28
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Single Sign On Client
Status tracked in Trunk
Stable-1-0
High
Natalia Bidart
Trunk
Medium
Natalia Bidart
ubuntu-sso-client (Ubuntu)
Medium
Natalia Bidart
Maverick
Medium
Natalia Bidart
Natty
Medium
Natalia Bidart

Bug Description

If the user cancels the registration process before validating the email, the registration in the SSO server was completed but the preferred email was not set, so our SSO server can't process the ping request.

We need to check if the user has a validated email address before logging him in.

TEST CASE:

To test, run in this branch the following:

* killall ubuntu-sso-login; DEBUG=True PYTHONPATH=. ./bin/ubuntu-sso-login

* In d-feet, execute the method 'register' in the com.ubuntu.sso bus name, object path /credentials, interface name ApplicationCredentials.
Parameters must be something like:

'Ubuntu Two', '', '', 0

* Once you get the SSO GUI, register a non existent user and do not enter the validation code. Just close the window when the validation code is requested.

* Open the SSO GUI again using d-feet and try to register the same user, you'll get a "Email already registered" error.

* Click on "I already have an account..." to login, and try to login with the former user and pass.

Behavior expected:

 - The login process doesn't succeed but instead the email verification screen appears.

Related branches

Changed in ubuntu-sso-client:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Naty Bidart (nataliabidart)
tags: added: desktop+ u1-natty
Changed in ubuntu-sso-client (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Naty Bidart (nataliabidart)
tags: added: u1-maverick-sru
description: updated
description: updated
description: updated
Changed in ubuntu-sso-client (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Medium
Changed in ubuntu-sso-client (Ubuntu Maverick):
assignee: nobody → Naty Bidart (nataliabidart)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-sso-client - 1.1.2-0ubuntu1

---------------
ubuntu-sso-client (1.1.2-0ubuntu1) natty; urgency=low

  * New upstream release:

    [ Natalia B. Bidart <email address hidden> ]
      * The success page is not shown until the backend notifies that the ping
      finished successfully (LP: #667893).
      * Added a new DBus signal UserNotValidated to indicate when a user is
      registered but not validated (LP: #667899).
      * Added new workflow so email validation is requested if necessary.
 -- Natalia Bidart (nessita) <email address hidden> Thu, 04 Nov 2010 11:00:45 -0300

Changed in ubuntu-sso-client (Ubuntu Natty):
status: Triaged → Fix Released

Accepted ubuntu-sso-client into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ubuntu-sso-client (Ubuntu Maverick):
status: Triaged → Fix Committed
tags: added: verification-needed
Natalia Bidart (nataliabidart) wrote :

Tested on a clean virtual machine with -proposed enabled. New version works as expected:

User is not logged in into SSO if the account doesn't have a validated email, the user is prompted for the verification code.

Martin Pitt (pitti) on 2010-11-15
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-sso-client - 1.0.7-0ubuntu1

---------------
ubuntu-sso-client (1.0.7-0ubuntu1) maverick-proposed; urgency=low

  * New upstream release (1.0.6, 1.0.7):

    [ Natalia B. Bidart <email address hidden> ]
      * Added a new DBus signal UserNotValidated to indicate when a user is
      registered but not validated (LP: #667899).
      * Added new workflow so email validation is requested if necessary.
      * The verify email page should be always built, not only on registration.

    [ Alejandro J. Cura <email address hidden> ]
      * Store credentials on the keyring *only* from the main thread (LP:
      #656545).

  * New upstream release (1.0.5):

    [ Natalia B. Bidart <email address hidden> ]

      * Credentials are removed if the pinging to the server fails or any
      other exception occurs (LP: #660516).
 -- Natalia Bidart (nessita) <email address hidden> Thu, 04 Nov 2010 09:21:00 -0300

Changed in ubuntu-sso-client (Ubuntu Maverick):
status: Fix Committed → Fix Released
tags: added: testcase
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers