We're updating the issue view to help you get more done. 

Spike: users without a role can't log in

Description

Steps to reproduce

When a user is added without any groups (or groups without roles) it can't login:

  • Log in as admin

  • Create a new user, leave all groups unchecked

  • Log out

  • Try to login as the new user
    --> login does not work

Cause

  • In a new role is added to the token. This role is now required to log into Integrated

  • When the users doesn't have roles the eventlistener isn't fired

  • https://symfony.com/doc/current/security.html#roles "Make sure every user has at least one role, or your user will look like they're not authenticated. A common convention is to give every user ROLE_USER"

Solution

  • The best solution would be to add a ROLE_USER when the "Enable login" is enabled

  • Another option is to force ROLE_USER in the database for every user, but I don't like that solution

Environment

None

Deployment actions

None

Technical tasks

-

Status

Assignee

Unassigned

Reporter

Marijn Otte

Client

Integrated Marijn

External issue ID

None

Follow up date

None

Code reviewer

Michael Jongman

Developer

Ger Jan van den Bosch

Plan date

None

Max. hours

9

Error message

None

Min. hours

7

Product owner

Marijn Otte

Refiner

API

Switches

None

Dev hour estimate

None

Story Points

2

Time tracking

7h 30m

Epic Link

Sprint

None

Fix versions

Priority

Major