-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 6.2.10 EE GA1, 6.2.X EE
-
Fix Version/s: 6.2.4 CE GA5, 6.2.X EE, 7.0.0 M3
-
Component/s: Application Security, Security Vulnerability
-
Labels:
-
Branch Version/s:6.2.x
-
Backported to Branch:Committed
-
Story Points:15
-
Fix Priority:3
-
Git Pull Request:
Description
When email verification is enabled and a user signs in for the first time, a challenge code is sent to the user's email address to verify their identity. In the instance where a user needs to change their email address and clicks on the "Change Email Address" button during the verification process, the user is presented with an new email address entry and confirmation field. When we attempt to add the user's new email address to these fields and click "Save" the Portal gives a blank page with no errors in the console. There is no indication of the Portal working, we simply land on http://localhost:8080/c/portal/update_email_address without any indication of movement. The request is unsuccessful, too, since the email isn't even sent out to either the user's old/new email address.
Steps to reproduce
- Start up a clean Liferay 6.2 EE SP4 + Tomcat bundle
- Sign in as test@liferay.com
- Access the Portal (http://localhost:8080)
- Enable user email verification (i.e. Control Panel > Configuration > Portal Settings > Authentication – flag "Require strangers to verify their email address?" OR we can set company.security.strangers.verify=true in portal-ext.properties before the start of the server)
- Create a new user and set the user's password to "test"
- Log out of test@liferay.com's session
- Log into the new user's account
- Accept the Agreement
- The next page will indicate the "Verify Email Address" requesting a verification code that is sent via email
- Click Change email address
- Add a valid email address and click Save
Expected Result
We are presented with a message indicating that the email address for the user has changed, and that the verification code would be sent there.
Actual Result
We land on http://localhost:8080/c/portal/update_email_address and we are stuck at a blank screen.
- relates
-
LPE-12286 Attempting to change email address during email verification page results in a blank page
-
- Closed
-