When e.g. using authentication.fallback-admin.user = "admin" in config.toml and creating a user with the login "admin", the latter will shadow the fallback-admin user.
This is quite confusing (although I guess it can be changed by adapting authentication.fallback-admin.user) and it would probably be good to block administrators from adding an account where the Login name matches that of the fallback-admin.
How can we reproduce the problem?
Add authentication.fallback-admin.user = "admin" to config.toml and, after logging in with it, create an account for any domain with the Login name "admin".
Version
v0.7.x
What database are you using?
RocksDB
What blob storage are you using?
RocksDB
Where is your directory located?
Internal
What operating system are you using?
Linux
Relevant log output
No response
This is the intended behaviour: fallback admin accounts should be disabled after setup, and an administrator account defined in your directory should be used instead.
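A pre-flight check for the collision described in this issue, added here as an example; it is not part of the thread or of the project's code. It reads authentication.fallback-admin.user from config.toml and reports directory logins with the same name. The function names, the sample configs, the login list and the case-insensitive comparison are assumptions.

```python
# Added example (not Stalwart code): flag directory logins that collide with
# the fallback-admin user configured in config.toml.
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters with the tomli backport
    import tomli as tomllib


def fallback_admin_user(config_text):
    """Return authentication.fallback-admin.user, or None if it is not set."""
    node = tomllib.loads(config_text)
    for key in ("authentication", "fallback-admin", "user"):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) else None


def shadowing_logins(config_text, directory_logins):
    """List directory logins equal to the fallback-admin user name.

    Assumption: names are compared case-insensitively so that near-identical
    logins are reported too; the issue itself only shows an exact match.
    """
    fallback = fallback_admin_user(config_text)
    if fallback is None:
        return []  # fallback admin disabled: nothing to shadow
    return [name for name in directory_logins
            if name.casefold() == fallback.casefold()]


# Constructed sample input: both spellings TOML allows for the same key,
# plus a config where the fallback admin has been removed after setup.
DOTTED = 'authentication.fallback-admin.user = "admin"\n'
TABLE = '[authentication.fallback-admin]\nuser = "admin"\n'
DISABLED = '# fallback-admin removed after setup\n'
LOGINS = ["alice", "admin", "postmaster"]  # constructed directory logins

if __name__ == "__main__":
    for label, cfg in (("dotted", DOTTED), ("table", TABLE), ("disabled", DISABLED)):
        hits = shadowing_logins(cfg, LOGINS)
        print(f"{label}: fallback={fallback_admin_user(cfg)!r} collisions={hits}")
```

An empty result for a config without the fallback-admin key corresponds to the state the maintainer recommends after setup.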