We're updating the issue view to help you get more done.

Learn more or See the old view

INTEGRATED-1014

INTEGRATED-1371

summary

Spike: users without a role can't log in

Description

Steps to reproduce

When a user is added without any groups (or groups without roles) it can't login:

Log in as admin
Create a new user, leave all groups unchecked
Log out
Try to login as the new user
--> login does not work

Cause

In a new role is added to the token. This role is now required to log into Integrated
When the users doesn't have roles the eventlistener isn't fired
https://symfony.com/doc/current/security.html#roles "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER"

Solution

The best solution would be to add a ROLE_USER when the "Enable login" is enabled
Another option is to force ROLE_USER in the database for every user, but I don't like that solution

Environment

None

Deployment actions

None

Technical tasks

Status

Assignee

Unassigned

Reporter

Marijn Otte

Labels

time-estimate-accepted

waiting-deploy

time-estimate-sent

Client

Integrated Marijn

External issue ID

None

Follow up date

None

Code reviewer

Michael Jongman

Developer

Ger Jan van den Bosch

Plan date

None

Max. hours

Error message

None

Min. hours

Product owner

Marijn Otte

Refiner

API

Switches

None

Dev hour estimate

None

Story Points

Time tracking

7h 30m

Epic Link

Website login

Sprint

None

Fix versions

integrated-0.9

Priority

Major