|
|
| Reporter | pstelling | Assigned To | LimeBot | |
|---|
| Priority | none | Severity | minor | |
|---|
| Status | closed | Resolution | fixed | |
|---|
| Product Version | 4.0.0-RC4 | |
|---|
| Target Version | 4.0.x | |
|---|
This bug affects 1 person(s).
6
|
|
| Summary | 15767: Users (super admin user) could change pw using massive action |
|---|
| Description | In the "User Management panel" you have the possibility to change password of every user (including the user who is logged in) by massive action at once.
In the worse case this could mean, nobody could log in anymore when not getting an email.
Normally an email is always send to the users selected by massive action when using the functionality of changing passwords.
But what will happen, if those emails (with a randomized password) could not be send or not be read for some reason? Nobody could ever log in again and installation process has to be done again (loosing the actual data in the db).
Maybe it could be a good idea to exclude the user who is logged in and the super admin for this massive action? |
|---|
| Steps To Reproduce | BE CAREFUL (when reproducing it, you'll have to do the installation again)
Here i'm just reporting how it happend!
(1) Log in as super admin user (having a wrong/unknown email address saved)
(2) go to Manage Survey Administrator
(3) select all users in the Gridview and use the massive action "Resend login data"
A random password will be saved in database and the email with that new password will never arrive... |
|---|
| Tags | No tags attached. |
|---|
|
|
| Bug heat | 6 |
|---|
| Complete LimeSurvey version number (& build) | Version 4.0.0-RC14 |
|---|
| I will donate to the project if issue is resolved | No |
|---|
| Browser | |
|---|
| Database type & version | mysql |
|---|
| Server OS (if known) | |
|---|
| Webserver software & version (if known) | |
|---|
| PHP Version | 7.2 |
|---|
|
|
