Capacity to change the username and the risk of usurpation⚓ Dev 📅 2023-03-27 👤 root 👁️ 176
Hi, I’m testing your forum and I’m very happy with it. It’s full of good ideas and nice features.
It’s possible to change the username and use the same one as an other user! I thought, yeah, it’s a cool feature to troll, then I thougt of the case of two users with the same username and the same weak password, so I tried.
You log in with the last user (highest id) and if you change the username again, you can’t log in with the first username anymore
400 Bad Request Error: wrong password
I think it is a major bug.
I don’t know Rust, at all, sorry, I can’t help you.🏷️ bug 🏷️ feature
root 2023-03-27 👍 👎 [op]
Even with different passwords, having the same username kill the login of users with lower uid. It is a big, big problem :D
freedit 2023-03-28 👍 1 👎
Thanks, I just fixed https://github.com/freedit-org/freedit/commit/7b83de1115354c6f3841940fe4af21a5cba8e49c
Anyway, you can login your account with uid.
Root 2023-03-30 👍 👎
@root @freedit Initially-capitalized usernames, Root, and lowercase root, should belong to the same user and not 2 different users, which can easily cause confusion
freedit 2023-03-30 👍 👎
@Root , in case anyone has login issue with username, just login with id and change your username.