Bug #6668
Do not allow editing username
0%
Description
With the new registration system the username is an opaque identifier, it shouldn't be editable, not even in /manage/
History
Updated by Benjamin Dauvergne almost 6 years ago
- Priority changed from Normal to Bas
All users do not come from public registration, it's currently not easy to differentiate user sources. Apart from /manage and /admin where do you see it editable ?
Updated by Frédéric Péters almost 6 years ago
That was mostly a comment about the /manage/ page. In our current configuration it's especially treacherous to let the admin change usernames as they're used as federation key.
Updated by Benjamin Dauvergne almost 6 years ago
The problem is storing the uuid in the username, that's not its place; any field should have only one semantic whatever the user. Work on access control contains a new user class with an uuid field, in the meantime we should live with this problem.
To ease manipulation of registrered user I advise using the A2_REGISTRATION_GROUP setting with a default value of "Online registration". It automatically adds registered to a group named "Online registration". If we need to migrate those user to a new uuid storage in the future it will help.
Updated by Benjamin Dauvergne almost 6 years ago
I set target release to future as for now it's not fixable.
Updated by Benjamin Dauvergne over 5 years ago
- Status changed from Nouveau to Solution déployée
- Assignee set to Benjamin Dauvergne
- Target version changed from future to 2.2.0
It's fixed by the custom user model, uuid is now stored in a different field.