Merge lp:~canonical-isd-hackers/canonical-identity-provider/bug-816622 into lp:canonical-identity-provider/release
Status: | Merged |
---|---|
Approved by: | Ricardo Kirkner |
Approved revision: | no longer in the source branch. |
Merged at revision: | 219 |
Proposed branch: | lp:~canonical-isd-hackers/canonical-identity-provider/bug-816622 |
Merge into: | lp:canonical-identity-provider/release |
Diff against target: |
50 lines (+20/-2) 2 files modified
identityprovider/forms.py (+11/-2) identityprovider/tests/test_views_ui.py (+9/-0) |
To merge this branch: | bzr merge lp:~canonical-isd-hackers/canonical-identity-provider/bug-816622 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ricardo Kirkner (community) | Needs Fixing | ||
Review via email: mp+72890@code.launchpad.net |
Commit message
Fix bug #816622: Users can login with unverified e-mail addresses
Description of the change
Overview
========
This branch fixes Bug: 816622, which was allowing users to log in to
SSO with an email account which was not yet verified.
Details
=======
The reason of this bug showing up is that there is a discrepancy
between API and Web. In the API it's possible to log in to an account
without verifying the email first. It was never the case for the
web. When working on limiting the number of queries and consolidating
codebase, one method is being used for both of those scenarios and the
change have made the behaviour consistent.
The change explicitly prevents logging in with email with status
'NEW' in the ``LoginForm``.
To test it follow instructions in ``README`` and then run ``$ fab test``.
LGTM, except that the original code verified email status against VALIDATED, OLD and PREFERRED instead of not NEW.
I think since this is a regression, we should keep the same condition check.