[security] Manual user creation with password does not work as expected #178

Open
tukanos opened this issue Mar 2, 2018 · 2 comments

@tukanos
Contributor

tukanos commented Mar 2, 2018

Hi Ethan,

I have just tried to create a user manually (no mailouts yet) and set him a password from within the Decko system, but to no avail.

I was unable to log in as the user. Is there a trick to do so?

@ethn
Member

ethn commented Mar 2, 2018

Can you confirm that:

  1. The user has a user card (type is "User")
  2. that user card has a +*account card
  3. that +*account card has reasonable looking content for the +*email, +*password, and +*status fields? (password will just show the word "encrypted")

@tukanos
Contributor Author

tukanos commented Mar 5, 2018

I tried that with the following screen cast.

ad 1) yes the user card is type "User"
ad 2) the user card has a +*account card
ad 3) looks reasonable and the status field I changed from pending to active manually

unable_to_change_password_v2.zip

You can see it also on the attached video:

Decko changing password

I have even encountered an error during a search. When the search string is `tukan+*account+*status`, the regexp engine returns an error (displayed in the screencast).

The error:

Error message (visible to admin only)

```
PG::InvalidRegularExpression: ERROR: invalid regular expression: quantifier operand invalid : /* search */ SELECT DISTINCT c1.*, c1.updated_at FROM cards c1 WHERE ((replace(c1.name,'+',' ') ~* '[[:<:]]tukan[[:>:]]' OR c1.db_content ~* '[[:<:]]tukan[[:>:]]') AND (replace(c1.name,'+',' ') ~* '[[:<:]]*account[[:>:]]' OR c1.db_content ~* '[[:<:]]*account[[:>:]]') AND (replace(c1.name,'+',' ') ~* '[[:<:]]*status[[:>:]]' OR c1.db_content ~* '[[:<:]]*status[[:>:]]')) AND c1.trash is false ORDER BY c1.updated_at desc LIMIT 20 OFFSET 0
```

@tukanos tukanos changed the title [security] Manual user creationg with password does not work as expected [security] Manual user creation with password does not work as expected Mar 6, 2018
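
The search error in the last comment arises because the `*` from the search string reaches the PostgreSQL regular expression unescaped, directly after the `[[:<:]]` word-start constraint. The following is an added example, not Decko's code: the function names are hypothetical and the split on `+` is inferred from the logged query. It escapes each keyword and passes the patterns as bind parameters.

```ruby
# Added example, not Decko's code; all names here are hypothetical.

# Characters that are special in PostgreSQL regular expressions.
PG_REGEX_META = /[\\.*+?()\[\]{}|^$]/

# Escape one keyword so PostgreSQL matches it literally.
def pg_regex_escape(keyword)
  keyword.gsub(PG_REGEX_META) { |ch| "\\#{ch}" }
end

# Assumption: '+' separates keywords, as the logged query suggests
# (tukan+*account+*status became three separate patterns).
def search_keywords(search)
  search.tr("+", " ").split
end

# Wrap the escaped keyword in word-boundary constraints, but only on an
# edge that is a word character: [[:<:]] and [[:>:]] can only match next
# to a word character, so "[[:<:]]\*account" would never match anything.
def keyword_pattern(keyword)
  pattern = pg_regex_escape(keyword)
  pattern = "[[:<:]]#{pattern}" if keyword[0].match?(/\w/)
  pattern = "#{pattern}[[:>:]]" if keyword[-1].match?(/\w/)
  pattern
end

# Return the WHERE fragment with $n placeholders plus the bind values,
# so no user-supplied text is spliced into the SQL string itself.
def keyword_where(search)
  patterns = search_keywords(search).map { |k| keyword_pattern(k) }
  clauses = patterns.each_index.map do |i|
    "(replace(c1.name,'+',' ') ~* $#{i + 1} OR c1.db_content ~* $#{i + 1})"
  end
  [clauses.join(" AND "), patterns]
end

# Constructed input: the search string from the report above.
where_sql, binds = keyword_where("tukan+*account+*status")
puts where_sql
puts binds.inspect
```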