User Registration without security code

[GoogleCodeExporter]

What steps will reproduce the problem?

1. Configuration
 1. Activate Module -> New User Registration
 2. Add cn in the field New User Form
 3. add cn and mail in the field Unique Attributes : cn and mail
 4. Enable New User Email Verification
2. Create a new user
 1. After the creation, it is sending a code to the mail address
 2. Do not use the code
 3. Recreate the same user (same cn and same mail)
 4. Your account is created!

What is the expected output? What do you see instead?

The expected output is to avoid the creation of the account without the 
security code. Instead, it is possible to create a new account without the 
security code (it means, you can use a fake email to register)

What version of PWM are you using?
1.6.1

What ldap directory and version are you using?
It is not LDAP related. I think PWM store the "temporary user" in a pwm 
database (which one?) and for a new user creation, PWM doesn't check this 
database. This only check should be sufficient.

Original issue reported on code.google.com by pierre.o...@gmail.com on 21 Jun 2012 at 1:14

[GoogleCodeExporter]

If you don't want the email address to be validated and for the user to receive 
the validation email, then turn off the "New User Email Verification" option.  
Otherwise you'll have to explain better what your asking, I don't understand.

Original comment by jrivard on 26 Jun 2012 at 9:34

• Changed state: Invalid

[GoogleCodeExporter]

Hi,

Clarification : 

the account creation method I want to use is just email. This way is secured by 
the security code sent to the email (to verify that the user is the actual 
owner of this email)

But there is a bug that let's a user create an account without entering the 
security code received by mail.

He just has to recreate his account, and done. (Step 2.3)

Is it clear? Sorry if it wasn't the first time...

Thanks for your help :)

Original comment by pierre.o...@gmail.com on 11 Jul 2012 at 4:00