Spike: users without a role can't log in

Description

Steps to reproduce

When a user is added without any groups (or with groups without roles), they can't log in:

  • Log in as admin

  • Create a new user, leave all groups unchecked

  • Log out

  • Try to log in as the new user
    --> login does not work

Cause

  • In a new role is added to the token. This role is now required to log into Integrated

  • When the user doesn't have roles, the event listener isn't fired

  • https://symfony.com/doc/current/security.html#roles "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER"

Solution

  • The best solution would be to add ROLE_USER when "Enable login" is enabled

  • Another option is to force ROLE_USER in the database for every user, but I don't like that solution
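
One way to implement the first option, added here as an illustration and not taken from the project's code: roles are computed when they are read, and ROLE_USER is appended only while login is enabled, so nothing has to be forced into the database. The `User` and `Group` classes and the `loginEnabled` flag are hypothetical stand-ins; in a Symfony application `User` would implement `UserInterface`, whose `getRoles()` has this contract.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a group that carries roles (name is an assumption).
final class Group
{
    /** @param string[] $roles */
    public function __construct(private array $roles = []) {}

    /** @return string[] */
    public function getRoles(): array { return $this->roles; }
}

// Hypothetical stand-in for the user entity (name and fields are assumptions).
final class User
{
    /** @param Group[] $groups */
    public function __construct(
        private bool $loginEnabled,  // assumed to back the "Enable login" checkbox
        private array $groups = [],
    ) {}

    /** @return string[] roles from all groups, plus ROLE_USER while login is enabled */
    public function getRoles(): array
    {
        $roles = [];
        foreach ($this->groups as $group) {
            array_push($roles, ...$group->getRoles());
        }
        if ($this->loginEnabled) {
            // Baseline role: without at least one role the user looks unauthenticated.
            $roles[] = 'ROLE_USER';
        }
        return array_values(array_unique($roles));
    }
}

// Constructed sample users covering the cases from the steps to reproduce.
$cases = [
    'no groups, login enabled'      => new User(true),
    'group without roles, enabled'  => new User(true, [new Group()]),
    'group with role, enabled'      => new User(true, [new Group(['ROLE_EDITOR'])]),
    'no groups, login disabled'     => new User(false),
];
foreach ($cases as $label => $user) {
    printf("%-30s [%s]\n", $label, implode(', ', $user->getRoles()));
}
```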

Technical tasks

-

Deployment actions

None

Status

Assignee

Unassigned

Reporter

Marijn Otte

Product owner

Marijn Otte

Plan date

None

Follow up date

None

Code reviewer

Michael Jongman

Developer

Ger Jan van den Bosch

Refiner

API

Dev hour estimate

None

Max. hours

9

External issue ID

None

Error message

None

Min. hours

7

Story Points

2

Time tracking

7h 30m

Epic Link

Sprint

None

Fix versions

Priority

Major