Should not be able to browse on a deleted account.
Actual behavior
Account was deleted by support but it still works. My best guess is that when support deletes an account for a migration existing JWTs do not get invalidated.
Steps to reproduce the problem
Create a new account
Log in using "remember me"
Request support to delete this account (for a migration)
Close browser window
Wait for support to delete account (and migrate packages)
Open browser window again, you should be logged in on your supposedly deleted account
Browser with version
Firefox for Ubuntu (canonical - 1.0), v59.0.2 (64-bit)
Link to the page
http://npmjs.com/
Logged in or logged out?
Logged in
Expected behavior
Should not be able to browse on a deleted account.
Actual behavior
Account was deleted by support but it still works. My best guess is that when support deletes an account for a migration existing JWTs do not get invalidated.
Steps to reproduce the problem
Browser with version
Firefox for Ubuntu (canonical - 1.0), v59.0.2 (64-bit)
Any error message?
No.