NatTuck/bottlenose-classic

serious authentication bug?

Closed this issue · 8 comments

My fgmartin13@gmail.com user seems to be able to view all courses in the system, even though it's only enrolled for a subset of them.

Here's that user's view of https://grader.cs.uml.edu/courses:

[Screenshot: bn-your-courses]

But, if I log in as fredm@cs.uml.edu and examine the fgmartin13 user, this is what he's enrolled in:

[Screenshot: fgmart]

Whoops, I realized this is a feature, not a bug... you're deliberately revealing all courses to the user.

However, there is still an issue. I had added fgmartin13@gmail.com to the new 91.204.201 course, and it didn't get added to his courses.

See instructor's view:

[Screenshot: fgmart-204]

Also, I notice that fgmartin13@gmail.com is displayed as realname "Fred G Martin" in one place, and "Fred Martin" in another... can that be related?

Huh. Looks like it's possible to add duplicate users with the same email. That shouldn't happen.

Are messages ending up in your Spam box?

Nice. One user is " fgmartin13@gmail.com". Looks like I have to sanitize input better.

Looks like an email misconfiguration problem on the server. Should work now.

Or not...

Nope, just forgot to restart the server. Should work now.
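
The duplicate-account problem found in this thread (one stored address carrying a leading space) can be prevented by normalizing the address before every uniqueness check and lookup. The sketch below is an added example, not bottlenose's code: `normalize_email`, `UserRegistry`, `duplicate_groups` and the sample rows are hypothetical, and case-folding the whole address is an assumption about the desired policy.

```ruby
# Added example in plain Ruby (no Rails); every name here is hypothetical.

# Canonical form used for all comparisons: trim surrounding whitespace
# (POSIX [[:space:]] also covers Unicode spaces) and fold case (assumed policy).
def normalize_email(raw)
  raw.to_s.gsub(/\A[[:space:]]+|[[:space:]]+\z/, "").downcase
end

# In-memory stand-in for a users table with a unique index on the
# normalized address.
class UserRegistry
  DuplicateEmail = Class.new(StandardError)
  InvalidEmail   = Class.new(StandardError)

  def initialize
    @by_email = {}
  end

  def add(name, raw_email)
    email = normalize_email(raw_email)
    # Reject interior whitespace and anything without exactly one "@".
    unless email.match?(/\A[^@[:space:]]+@[^@[:space:]]+\z/)
      raise InvalidEmail, raw_email.inspect
    end
    raise DuplicateEmail, email if @by_email.key?(email)
    @by_email[email] = { name: name, email: email }
  end

  def find(raw_email)
    @by_email[normalize_email(raw_email)]
  end
end

# Audit for rows stored before normalization existed: group by normalized
# address and keep only groups with more than one row.
def duplicate_groups(rows)
  rows.group_by { |r| normalize_email(r[:email]) }
      .select { |_, group| group.size > 1 }
end

# Constructed sample rows modelled on the thread (ids are made up).
LEGACY_ROWS = [
  { id: 1, name: "Fred G Martin", email: "fgmartin13@gmail.com" },
  { id: 2, name: "Fred Martin",   email: " fgmartin13@gmail.com" },
  { id: 3, name: "Fred Martin",   email: "fredm@cs.uml.edu" },
].freeze
```

Running `duplicate_groups` over the existing table before adding the unique constraint shows which accounts have to be merged first, since enrollments may be attached to either copy.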