Bug #33707
It is possible to authenticate with an expired account
| Status: | Resolved | Start date: | 2012-02-06 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | Karsten Dambekalns | % Done: | 100% |
|
| Category: | Security | |||
| Target version: | TYPO3 Flow Base Distribution - 1.0.3 | |||
| PHP Version: | 5.3 | Complexity: | no-brainer | |
| Has patch: | No | Affected Flow version: | FLOW3 1.0.0 |
Description
authenticationManager->authenticate() works even with expired account: account->getExpirationDate() is in the past.
Associated revisions
[BUGFIX] Makes account expiry work as expected
The expiry if an account was checked in a way that left an account
enabled until after it's last day. Now it will expire exactly when
it should.
Change-Id: I97a70cb167b61e37183f88a23aabf2c9aec498d7
Fixes: #33707
Releases: 1.0, 1.1
[BUGFIX] Makes account expiry work as expected
The expiry if an account was checked in a way that left an account
enabled until after it's last day. Now it will expire exactly when
it should.
Change-Id: I974f91032412c60fdc22fcf8bb68ef125099d3e5
Fixes: #33707
Releases: 1.0, 1.1
History
#1 Updated by Patrick Pussar over 3 years ago
After some investigation I found out that this feature works actually, but only on day basis.
I would assumed that it would work also on Minute basis.
The query defined in AccountRepository.php just checks on day basis:
...
$query->greaterThan('expirationDate', new \DateTime('today'))
...
but I would assume this check:
$query->greaterThan('expirationDate', new \DateTime())
#2 Updated by Karsten Dambekalns over 3 years ago
- Status changed from New to Accepted
- Assigned To set to Karsten Dambekalns
- Target version set to 1.1
- Complexity set to no-brainer
#3 Updated by Karsten Dambekalns over 3 years ago
- Target version changed from 1.1 to 1.0.3
#4 Updated by Gerrit Code Review over 3 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/8926
#5 Updated by Gerrit Code Review over 3 years ago
Patch set 1 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/9129
#6 Updated by Karsten Dambekalns over 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 873bdd5376defbd863929258b2e52f63b8b73dbe.