View Issue Details

IDProjectCategoryView StatusLast Update
0022746mantisbtauthenticationpublic2017-04-30 14:48
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.3.1 
Target Version2.3.2Fixed in Version2.3.2 
Summary0022746: Lost password redirects to login page if email address is empty and anonymous access is disabled
Description

As part of evaluating whether the email address is valid or not, the code ends up redirecting the user to login page due to a call to get a user id while no user is authenticated.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master-2.3 9c9297e2

2017-04-19 07:40

vboctor


Details Diff
Lost password email validation fix

This was caused when:
- anonymous authentication is OFF.
- email address is left empty.

This caused calling auth_get_current_user_id() when no user is authenticated
which causes user to get redirected to login page and then get directed to
lost password action page, which then complains that there is no valid form
security token.

The correct behavior is to prompt an error message that email address is invalid.

Fixes 0022746
Affected Issues
0022746
mod - core/current_user_api.php Diff File