Did QA with TryOrchardCore.Web src.
Repro steps:
Build SAAS recipe orchard core site

Login to admin
Go to Security -> Users, and edit the user you specified on setup

Save the user

User disabled.

Yep this is a funny one. I did that code. Though you should be able to disable an administrator account but not if it's the last one enabled.
For sure if you want to disable "yourself" :-)
And I'm looking at your screens and it seems that from that form it should have kept the user as enabled. So, your issue is that you have a custom Handler that sets the User as disabled.
I agree, it looks like something happens behind the scenes,
the problem is that this is pure code I took from the Orchard GitHub.
https://github.com/OrchardCMS/TryOrchardCore
I didn't make any custom dev...
You should not be able to disable "yourself" as the "disabled" button is disabled 🤣
Hmm TryOrchardCore surely needs an update 😉
Report the issue there as I can't repro in the dev branch of this repository
Did you try a clean setup?
Remove App_data and recreate it?
Yes I did a git clean -xdf on the folder. Though I did not recreate the database and tenants as it should not really matter.
I think it is.
It happens only for the first user in the system.
When I added a second admin and did the same scenario, it was OK.
Can you back up your App_data and create a new one for a sec?
Ok doing it.
Ok I can repro, I understand the issue now.
Nice one :-)
If I'm not wrong I fixed this issue in OC, @Skrypt did you reproduce it in OC or try.OC?
OC
The admin can disable himself/herself ;)
I remembered I fixed a delete issue, not the enable/disable user one. I can handle this if no one has started on it
The issue is that when the HTML checkbox slider component is set to disabled, it returns a false value every time (this is something that changed).
We should validate these things on server side to make this bulletproof.
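A sketch of the server-side check suggested in the comment above, added here as an example; it is not part of the thread and not Orchard Core's code or its fix. The `User` record, `UserEditGuard` and `ResolveIsEnabled` are hypothetical names, and the two rules (no self-disable, no disabling the last enabled administrator) are taken from the comments in this thread.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; these are not Orchard Core's classes.
record User(string Id, bool IsEnabled, bool IsAdmin);

static class UserEditGuard
{
    // postedIsEnabled is null when the field was absent from the form post,
    // which is what a browser does for a disabled <input>.
    public static (bool IsEnabled, string? Error) ResolveIsEnabled(
        User target, string currentUserId, bool? postedIsEnabled, IEnumerable<User> allUsers)
    {
        // Absent field: keep the stored value instead of binding it to false.
        if (postedIsEnabled is null)
            return (target.IsEnabled, null);

        // The request enables the account, or the account is already disabled.
        if (postedIsEnabled.Value || !target.IsEnabled)
            return (postedIsEnabled.Value, null);

        // From here on the request disables an enabled account.
        if (target.Id == currentUserId)
            return (target.IsEnabled, "You cannot disable your own account.");

        bool otherEnabledAdmin = allUsers.Any(u =>
            u.Id != target.Id && u.IsAdmin && u.IsEnabled);
        if (target.IsAdmin && !otherEnabledAdmin)
            return (target.IsEnabled, "The last enabled administrator cannot be disabled.");

        return (false, null);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: a single administrator editing their own profile.
        var admin = new User("1", IsEnabled: true, IsAdmin: true);
        var users = new List<User> { admin };
        // Disabled checkbox: field missing from the post, account stays enabled.
        Console.WriteLine(UserEditGuard.ResolveIsEnabled(admin, "1", null, users));
        // Post that sends IsEnabled=false anyway: refused on the server.
        Console.WriteLine(UserEditGuard.ResolveIsEnabled(admin, "1", false, users));
    }
}
```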
I see, if you didn't start I can have a look and fix it
Where can I contact some devs of OrchardCore about a privilege escalation that I have found?
//cc @sebastienros
Thanks, reported and acknowledged by dev.