If a user logs in when a user record exists for their email, their session_sub is different, and the allow_sub_update flag is set to false, the record is not updated but the user is still logged in.
Expected behaviour: An error message is displayed and the user is logged out.
This is not an issue presently as the IDIR login guarantees that email unicity, but will be if multiple login methods are allowed.
Probability (how likely the bug is to happen, scored from 1-5): 1
Effect (how bad the bug is when it does happen, scored from 1-5): 5
Describe the Bug:
If a user logs in when a user record exists for their email, their session_sub is different, and the allow_sub_update flag is set to false, the record is not updated but the user is still logged in.
Expected behaviour: An error message is displayed and the user is logged out.
This is not an issue presently as the IDIR login guarantees that email unicity, but will be if multiple login methods are allowed.
Probability (how likely the bug is to happen, scored from 1-5): 1 Effect (how bad the bug is when it does happen, scored from 1-5): 5