I have observed what I consider a strange behaviour in the registration process of a new user. I’m sharing the case here so you can help me understand what happened and confirm if the system is working as intended.
Let me provide you with a bit of background first:
- We require authentication to read the content of the site since we are currently setting it up.
- We allow new user registrations so we are able to test the account creation process.
- We require staff approval for all new user accounts.
Since we are still preparing the site, seeing a user that I didn’t know in the users list surprised me so I decided to investigate.
Its username is
Pamela_Peppermint. This user signed up using Facebook Login (we recently added it). The associated email was a suspicious Gmail address. At first, I thought the user could be a spammer. However, I realized that it could be a Facebook employee checking our site using a dummy account since the user connected from a Facebook Corp address:
Now it’s when things get strange.
I see in the admin area that I just approved the user.
Since I didn’t recall doing it, I went to the Review queue to check when I approved that account. Given that we require staff approval for new accounts, all of them should end up in the Review queue. However, this user somehow bypassed it.
I turned to the logs to try to understand what happened, but I got even more confused. It seems that I had already approved the user a couple of weeks before (which AFAIK, I didn’t):
Hence, I have the following questions:
- Why this user doesn’t show up in the Review queue despite staff approval is required?
- Is it possible that a user can get approved twice?