Skip to content
This repository has been archived by the owner on Dec 14, 2017. It is now read-only.

LastLogin has been populated with unverified account #496

Closed
Mikes82 opened this issue Feb 9, 2015 · 6 comments
Closed

LastLogin has been populated with unverified account #496

Mikes82 opened this issue Feb 9, 2015 · 6 comments
Labels
bug

Comments

@Mikes82
Copy link

Mikes82 commented Feb 9, 2015

Hi,

I’ve been running some create user and verifying tests and came up with the following issue:

If the user attempts to log in without verifying their account with the correct username and password, their UserAccounts "LastLogin" field will be populated with the time stamp. Which occurs even though they have not successfully logged in. (Being the account hasn't been verified yet)
This means later down the track when using IsNew() to verify the user account it will return false.

I can set allowLoginAfterAccountCreation="false" in web.config to prevent this from occurring and then reset the IsLoginAllowed = true at the verification stage as a work around, but i was wondering if there is a better way to handle this issue?

Thanks.
@brockallen
Copy link
Owner

I tried to reproduce this and can't. Here's what I did:

[TestMethod]
        public void MyTestMethod()
        {
            configuration.AllowLoginAfterAccountCreation = true;

            var acct = subject.CreateAccount("test", "pass", "test@test.com");

            var result = subject.Authenticate("test", "badpass");
            Assert.IsFalse(result);

            acct = subject.GetByID(acct.ID);
            Assert.IsTrue(acct.IsNew());

        }

IsNew checks last login for null.

So since I can't reproduce it, perhaps you can write a test to reproduce the problem you're seeing?

@girtsl
Copy link
Contributor

girtsl commented Feb 10, 2015

I'm experiencing the same issue. As usual, the devil is in the details - "If the user attempts to log in without verifying their account with the correct username and password".

If you change your test to use correct password for authentication, the test will fail.

@brockallen
Copy link
Owner

Ah, ok -- missed that. I'll try again.

@brockallen
Copy link
Owner

Ok, so yes, was now able to repro this -- looks like it was a bug due to a typo in Authenticate. Fixed on dev and will release updated NuGet soon.

brockallen added a commit that referenced this issue Feb 10, 2015
@brockallen
fix bug in authenticate related to logging in before account is verif…
da3ad4f 
…ied. #496
@parkinsona
Copy link

Hey Brock,
Will IdentityServer.MembershipReboot be updated to include this update?

@brockallen
Copy link
Owner

You should be able to manually update the nuget.

# for free to subscribe to this conversation on GitHub. Already have an account? #.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@brockallen @girtsl @parkinsona @Mikes82