Resetting the user password via the email password reset flow does not unlock a locked account

Description

1. User tries to login multiple times with a bad password, gets the account locked due to failed login attempts.

2. User resets the password following the email password reset flow.

3. The user still can't login because the account is still locked.

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Activity

Show:
Ivan Trendafilov
June 6, 2019, 2:58 PM

Brian,

So, for PLAT-2456, you are saying, it is by design that anyone can lock an account for 24 hours by guessing an email address?

Brian Beggs
June 6, 2019, 2:55 PM

Ivan,

This isn't the right place for this report. I am going to close this ticket as well as PLAT-2456. Could you please go to this link and open a ticket with edx support: https://support.edx.org/hc/.

Thank you!

Won't Do

Assignee

Unassigned

Reporter

Ivan Trendafilov

Labels

None

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Priority

Unset