Bug 39682 - password change doesn't work if the password is expired
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Self Service
UCS 4.1
Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1
Assigned To: Florian Best
Daniel Tröder
: interim-2
Reported: 2015-10-30 12:31 CET by Florian Best
Modified: 2015-11-17 12:12 CET

Description Florian Best univentionstaff 2015-10-30 12:31:34 CET
The password change module of the self service fails if the password is expired because the authentication fails. One has to pass the new credentials directly in the authentication request.
Comment 1 Florian Best univentionstaff 2015-11-02 18:18:10 CET
svn r65092
Comment 2 Daniel Tröder univentionstaff 2015-11-05 12:37:09 CET
(server)# udm users/user modify --dn uid=test1,cn=users,dc=uni,dc=dtr --set pwdChangeNextLogin=1
(client)# smbclient -U test1 -L 10.200.3.26
Enter test1's password: 
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
(client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username":"test1","password":"test1","email":"test1neu@example.com","mobile":"123"}' http://10.200.3.26/univention-self-service/passwordreset/set_contact | json_xs
(client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username": "test1", "method": "email"}' http://10.200.3.26/univention-self-service/passwordreset/send_token
(server)# PGPASSWORD="$(cat /etc/self-service-db.secret)" pg_dump --data-only --host=localhost --username=selfservice selfservice | grep -A5 "^COPY tokens"
(client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username": "test1", "password": "test1neu1", "token": "iS2YUJYEcbC82JJbv7WgtDVsTq3aoLAj3Xpa5vXEt3hi9VpwK5VVKd3NNuMEvyTF"}' http://10.200.3.26/univention-self-service/passwordreset/set_password | json_xs
{
   "message" : "Ihr Passwort wurde erfolgreich geändert.",
   "result" : null
}
(client)# smbclient -U test1 -L 10.200.3.26
Enter test1's password: 
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

OK: the password was changed
Fail: pwdChangeNextLogin was not reset
Comment 3 Florian Best univentionstaff 2015-11-06 13:58:32 CET
yep, fixed that typo.
Comment 4 Daniel Tröder univentionstaff 2015-11-06 15:01:16 CET
(In reply to Daniel Tröder from comment #2)
> OK: the password was changed
> Fail: pwdChangeNextLogin was not reset
Fixed in r65284.
Comment 5 Stefan Gohmann univentionstaff 2015-11-17 12:12:47 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".