Issue 2550963
Created on 2018-06-27 09:20 by schlatterbeck, last changed 2018-06-27 10:04 by schlatterbeck.
msg6096 |
Author: [hidden] (schlatterbeck) |
Date: 2018-06-27 09:20 |
|
I have feedback from a customer running the current release candidate of
roundup. The password reset routine doesn't work (how it doesn't work
see below). I've been able to reproduce this with the current
release-candidate "classic" tracker template as follows:
- press the "Lost your login?" Link and fill in the username for which
you want to reset the password, it will mail (or write to the debug
file) a password-reset link
- Open this reset link in a new window in the browser, it will display a
message with green background "Password reset and email sent to ..."
- check email or email-file again, this now contains a mail with a new
password for the given user
Neither the new nor the old password work now for logging into the tracker.
|
msg6097 |
Author: [hidden] (schlatterbeck) |
Date: 2018-06-27 09:35 |
|
Update: Looks like the password is still the old password for the
test-user. So the new password that is announced via email never makes
it to the database.
I'm running an almost unmodified classic template but with some of the
class-permissions (issue, user, ...) removed from the anonymous user.
I'm using an ancient config.ini that was just updated with the recent
settings but everything was left at the defaults.
|
msg6098 |
Author: [hidden] (schlatterbeck) |
Date: 2018-06-27 10:03 |
|
Fixed in commit ed6153d3ee6a
The problem was that the password change wasn't committed to the
database. After refactoring and using a separate database connection for
one-time-key (otk) handling and the main database we need to commit to
them separately. There was only a commit for the otk-key but not for the
password change.
|
|
Date |
User |
Action |
Args |
2018-06-27 10:04:00 | schlatterbeck | set | status: new -> closed resolution: fixed messages:
+ msg6098 |
2018-06-27 09:35:41 | schlatterbeck | set | messages:
+ msg6097 |
2018-06-27 09:20:21 | schlatterbeck | create | |
|