pwFoo / FrontendUser / issues / #8 - token not verified properly — Bitbucket

Issue #8 new

Krisjanis Berzins created an issue 2016-06-28

Hi this is a bit of a security issue. Just verified on a fresh PW 3.0.23 install with the latest FrontendUser.

When I am using the verify user email plugin it lets me type in any random token in the field and choose password/register without actually following the link in the email/copying the token. No errors thrown, just seems like it ignores the token field.

Comments (5)

Krisjanis Berzins reporter
line 129 seems to break the validation... if 129 is commented and the old 128 uncommented it works again.
- 2016-06-28T10:12:17+00:00
pwFoo repo owner
Hi @onoffonoff https://bitbucket.org/pwFoo/frontenduser/commits/05b2c3a6e4af681cf31a75319b6d4dba36677fe9 Is the problem still there? I can't test it at the moment... Could you verify and report back, please?
- 2016-06-28T10:27:19+00:00
Krisjanis Berzins reporter
nope that does not fix it. I would recommend my 2nd comment.. lines: -129 +128
- 2016-06-28T11:24:19+00:00
Krisjanis Berzins reporter
it will need extra logic, and I have no time to work on it right now unfortinately...
- 2016-06-28T11:24:58+00:00
pwFoo repo owner
Could you test it and report back? https://bitbucket.org/pwFoo/frontenduser/commits/dc11ae43faade9545d15f2b3986280a75a211757?at=master
- 2016-06-30T21:27:00+00:00
Log in to comment

Assignee: pwFoo

Type: bug

Priority: critical

Status: new

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!