/user/edit/{user} can be used to change password and email address

conwetlab / ckanext-oauth2

OAuth2 support for CKAN

GNU Affero General Public License v3.0

25 stars 56 forks source link

Closed frafra closed 2 years ago

frafra commented 2 years ago

It looks like users can alter their password and email address. I do not think that should be allowed by default if OAuth2 is used as authentication.

frafra commented 2 years ago

Sorry, wrong repo.