Make it possible for an administrator so send activation links to users upon their creation #4425
Comments
|
Thank you @schris-dk , this is actually intended and is resolving a bug. A user is active since it is created because users keys are generated and after creation only users with access to escrow keys could send the activation link or reset the password. We are preparing a small change enabling to send the activation link during creation of the user. |
evilaliv3
changed the title
|
OK – thnx for the info.
I think this is a potential “bottle neck”, as this is limiting the send of activation keys by only one entity – which also will be logged as this one entity (giving an unclear log trail).
Leaving only one entity with the ability to re-send activation links is quite risky in my point of view. As far as I’ve been looking at the way “escrow key admins” are setup, this is only possible on the initial global setup of the system, and these users are not able to be defined later – or am I wrong?
This option actually forces systems to have an escrow key admin – and is this stated during the setup that this is a vital need? (I don’t know, as I haven’t setup our system). In the current documentation it is only advised that such a user Is enabled. Setting up the system without one will leave other admins with out the possibility to resend any invites – (and right now without any ways to send an invite)
|
|
@schris-dk: the limit is given by encryption and how it works encryption requires keys and keys are as well should be preserved encrypted, this is why the activation link could be sent only by an admin on creation or by a users with access to escrow keys. I think you might be missing very knowledge about the system; let me try to clarify and please let us know if your organization need some technical training since we could provide it
|
|
Hi Giovanni!
Regarding your comments:
Regarding #1: My concern here was regarding the situation, where you have no escrow key admin – this would – in the current setup – make it impossible to send any invitations, as this only can be done from an escrow key admin, hence, “you would be dead in the water” with no option to proceed. In our initial setup we actually deliberately did not include this option, as we towards our clients could state, that we under no circumstances would be able to read incoming complaints (which actually is possible using the escrow key option)
Regarding #2: I finally found the option; however, I have not been able to find the description in the documentation 😊
|
|
Thank you @schris-dk Its correct. This ticket is remoduled specifically to address point #1 making possible on systems without key escrow to send the activation link as soon that the user is created to enable the usages where key escrows are disabled. |
|
@schris-dk : in realease 5.0.58 you now find the option to send the activation link to users during the creation of users.
This makes it possible for administrators that do not have access to escrow keys to send the activation link. Of course they could only if they do this during the moment of creation of the user since this is the time that users keys are generated. |
What version of GlobaLeaks are you using?
5.0.56
What browser(s) are you seeing the problem on?
N/A
What operating system(s) are you seeing the problem on?
N/A
Describe the issue
After upgrading our test environment to 5.0.56, admins cannot send account activation mails. Only the Escrow key admin can do so:
Regular admin:
Escrow key admin:
Proposed solution
No response
The text was updated successfully, but these errors were encountered: