Integration with logintoboggan

mcarbone - January 17, 2007 - 00:39

Project:	Role Delay
Version:	5.x-1.x-dev
Component:	Code
Category:	feature request
Priority:	normal
Assigned:	Unassigned
Status:	closed

When using logintoboggan to automatically log in newly registrated users with a non-authenticated role, roledelay creates a security hole by allowing unverified users to simply wait for their permissions, without ever validating their registration via email. This patch adds a setting to change the roledelay timer to start when logintoboggan verifies, not immediately upon registration. NOTE: This patch shouldn't be integrated unless logintoboggan accepts my one line patch adding a hook when it email validates.

Attachment	Size
roledelay.module.patch	2.63 KB

» Login or register to post comments

#1

mcarbone - January 17, 2007 - 00:51

Apologies -- I missed something the first time around. Here's the corrected patch.

Attachment	Size
roledelay.module_0.patch	2.69 KB

#2

mcarbone - January 19, 2007 - 17:55

At the behest of Gary Feldman over at logintoboggan, I modified the hook op for when logintoboggan validates from 'validate' to 'update.' All other changes are the same.

Attachment	Size
roledelay.module_1.patch	2.69 KB

#3

mcarbone - January 29, 2007 - 21:41

The invocation from logintoboggan's end is still in flux, but I've attached the latest patch to conform with their end. Still, I'd consider this patch on hold until the logintoboggan side is approved.

Attachment	Size
roledelay.module_2.patch	2.94 KB

#4

mcarbone - May 14, 2008 - 00:18

Version:	4.7.x-1.x-dev	» 5.x-1.x-dev
Status:	needs review	» fixed

#5

Anonymous (not verified) - May 28, 2008 - 00:21

Status:

fixed

» closed

Automatically closed -- issue fixed for two weeks with no activity.

Integration with logintoboggan

Jump to:

#1

#2

#3

#4

#5

User login

Contributor links