Details
-
Type: Improvement
-
Status: Closed
-
Priority: Blocker
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 4.0.0-b1
-
Component/s: None
-
Labels:None
Description
Blesta supports the legacy use of logging in via user ID. The user ID is not shown in v3+, and so is not likely to be used, and has been deprecated as of v3.5.0-b5.
Allowing login via user ID poses a problem as described in CORE-1700, where a numeric username may match multiple records, thus making the selection of the 'correct' user arbitrary.
Users::auth needs to be updated to remove authentication of a user by `users`.`id`.