Item2552: In some special cases where one user changes password for someone else you get an error message saying system does not support password reset

pencil
Priority: Low
Current State: No Action Required
Released In:
Target Release: n/a
Applies To: Engine
Component:
Branches:
Reported By: KennethLavrsen
Waiting For: Main.KennethLavrsen
Last Change By: KennethLavrsen
Someone have put a block on changing password when you have set allow login name.

Why?

It should be given by the password handler alone. And you can reset the password.

I have seen this in trunk and need to get back if this is also an issue in Release branch.

I am working on something else so I am throwing this bug report in briefly so I do not forget it.

Assigning to myself for now because I need to try also on Release

-- KennethLavrsen - 02 Jan 2010

It is also in Release branch

-- KennethLavrsen - 09 Jan 2010

I am working on this.

I think it is related to how and who is authenticated when you reset the password.

-- KennethLavrsen - 09 Jan 2010

I think it is related to the way I test. I am often logged in as a user with admin rights and then test reset of password for a normal user. I think it happens when I am already authenticated as normal user. I think the session files belong to the logged in user and when I pass through the CSRF screen because I try it many times, then something fails.

This is not at all the normal use case. I downgrade this to low. I want to understand the root cause because it can still cover up a bug but it is for sure not a release blocker.

-- KennethLavrsen - 09 Jan 2010

Looked more. it is related to being authenticated first as someone else and even then it takes one more condition before it happens. Also in trunk.

So keeping this low is correct. Changing the summary line also. And it is not related to Allow login name.

-- KennethLavrsen - 10 Jan 2010

I have not seen this since I fixed the racing condition problem with .htaccess. I bet this was an example of that problem.

-- KennethLavrsen - 09 Aug 2010

ItemTemplate edit

Summary In some special cases where one user changes password for someone else you get an error message saying system does not support password reset
ReportedBy KennethLavrsen
Codebase 1.0.8, trunk
SVN Range
AppliesTo Engine
Component
Priority Low
CurrentState No Action Required
WaitingFor KennethLavrsen
Checkins
TargetRelease n/a
ReleasedIn
Topic revision: r5 - 09 Aug 2010, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy