Spike: users without a role can't log in
Description
Steps to reproduce
When a user is added without any groups (or groups without roles) it can't login:
Log in as admin
Create a new user, leave all groups unchecked
Log out
Try to login as the new user
--> login does not work
Cause
In a new role is added to the token. This role is now required to log into Integrated
When the users doesn't have roles the eventlistener isn't fired
https://symfony.com/doc/current/security.html#roles "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER"
Solution
The best solution would be to add a ROLE_USER when the "Enable login" is enabled
Another option is to force ROLE_USER in the database for every user, but I don't like that solution
Environment
None
Deployment actions
None
Technical tasks
-
Status
Assignee
Unassigned
Reporter
Marijn Otte
Client
Integrated Marijn
External issue ID
None
Follow up date
None
Code reviewer
Michael Jongman
Developer
Ger Jan van den Bosch
Plan date
None
Max. hours
9
Error message
None
Min. hours
7
Product owner
Marijn Otte
Refiner
API
Switches
None
Dev hour estimate
None
Story Points
2
Time tracking
7h 30m
Epic Link
Sprint
None
Fix versions
Priority
MajorConfigure