it is possible to make a non-deleted account with no password and not single sign on mechanism.

sagemathinc / cocalc

CoCalc: Collaborative Calculation in the Cloud

https://CoCalc.com

Other

1.17k stars 216 forks source link

it is possible to make a non-deleted account with no password and not single sign on mechanism. #1901

Open williamstein opened 7 years ago

williamstein commented 7 years ago

Database query that lists them:

select count(*) from accounts where passports is null and password_hash is null and (deleted is null or not deleted);

My guess is that this might happen when a user is setting up an account via single sign on, and the process fails (e.g., due to server load, network issues, etc.).

This is high priority to fix because it leads to situations where students (say) have multiple accounts, and the wrong one is added to a course.

williamstein commented 7 years ago

Obvious question: should we delete all these inaccessible accounts?