[LPS-43544] New user is added when he logs in with OpenID regardless of the property: company.security.strangers=false - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Won't Fix
Affects Version/s: 6.1.30 EE GA3, 6.1.X EE, 7.0.0 M3
Fix Version/s: 6.1.30 EE GA3, 6.1.X EE, 7.0.0 M3
Component/s: Application Security, Security Vulnerability
Labels:
- ee-ts
Environment:
LIFERAY VERSION: 7.0 (master)
OPERATING SYSTEM: Windows7
APPLICATION SERVER: Tomcat 7.0.x
JAVA VIRTUAL MACHINE: Java 6
DATABASE: MYSQL 5.1

Fix Priority:
4

Description

Reproduction steps:

1. Set company.security.strangers=false in portal-ext.properties file
2. Start portal and try to log in with your personal Google (or any other OpenID) account
3. Click OpenID in the login portlet
4. Use your Google OpenID:
https://www.google.com/accounts/o8/id
or
https://www.google.com/accounts/o8/id?id=IBzuawnYZb7QLYfcjiN7xGch73l5tzPduntjTRw
or
https://profiles.google.com/423673095305781683875
The first one will be the proper if you don't know your personal exact ID.
5. You are redirected to Google login page, log in here
6. You are asked by Google if you trust localhost:8080 (the portal) to give out account details, click yes
7. You are redirected back to Liferay (there is an issue where you have to log in again, if you hit this, just use the OpenID login again)
8. You are then prompted to change the Liferay password of the new user
9. Check the database: a new user has been created

Attachments

Activity

People

Assignee:: Zsolt Szabo (Inactive)

Reporter:: Zsolt Szabo (Inactive)

Participants of an Issue:: Zsolt Szabo

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 16/Jan/14 6:19 AM

Updated:: 02/Dec/15 4:27 AM

Resolved:: 17/Jan/14 3:41 AM

Days since last comment:: 7 years, 7 weeks, 3 days ago

Packages

Version	Package
6.1.30 EE GA3
6.1.X EE
7.0.0 M3