mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-11 09:22:40 +01:00
301fed1b43
Summary: - When an administrator creates a user, provide an option to send a welcome email. Right now this workflow kind of dead-ends. - Prevent administrators from changing the "System Agent" flag. If they can change it, they can grab another user's certificate and then act as them. This is a vaguely weaker security policy than is exhibited elsewhere in the application. Instead, make user accounts immutably normal users or system agents at creation time. - Prevent administrators from changing email addresses after account creation. Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a user has a real problem. - Prevent administrators from resetting passwords. There's no need for this anymore with welcome emails plus email login and it raises the same issues. Test Plan: - Created a new account, selected "send welcome email", got a welcome email, logged in with the link inside it. - Created a new system agent. - Reset an account's password. Reviewed By: aran Reviewers: tuomaspelkonen, jungejason, aran CC: anjali, aran, epriestley Differential Revision: 379 |
||
|---|---|---|
| .. | ||
| controller | ||
| oauth/provider | ||
| view/oauthfailure | ||