Bug 44720 - password change dialog is shown only once
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2-0-errata
Assigned To: Florian Best
QA Contact: Felix Botner
Reported: 2017-05-31 17:04 CEST by Felix Botner
Modified: 2017-06-15 17:58 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.171
Bug group (optional): Error handling, Usability
Description Felix Botner univentionstaff 2017-05-31 17:04:56 CEST
User with "change password on next login"

After logon and a wrong password during the password change dialog, the UMC change password dialog is not shown again, only the logon dialog. 

Seems that the new_password (created during the first password change dialog) is kept during the session and frontend and backend silently try to change the account's password with this "new password" upon logon and never again ask for a new password.

UMC auth

R {"options":{"username":"test2","password":"univention"}}
A The password has expired and must be renewed.

UMC PWD Change

R {"options":{"username":"test2","password":"univention","new_password":"univention"}}
A Changing password failed. The password was already used

UMC auth

R {"options":{"username":"test2","password":"univention","new_password":"univention"}}
A Changing password failed. The password was already used
Comment 1 Florian Best univentionstaff 2017-06-02 08:59:36 CEST
svn r77105 broke it! In svn r77304 I fixed a lot of regressions caused by r77105 but didn't fix this one here.

I don't think the fix introduces any side effects. I also tested that the login form is filled out if e.g. the query string contains ?username=root or if the browser stored the username+password, which is then successfully inserted again.

univention-management-console.yaml:
r80002 | YAML Bug #44720

univention-management-console (9.0.80-46):
r80001 | Bug #44720: if changing an expired password fails the form was not reset leading to impossible authentication
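
An added model of the exchange in the description and of the form reset named in the r80001 commit message (example code, not UMC's own; the mock backend, `LoginForm`, `replay` and the dialog names are hypothetical, and the "Authentication failed" message is constructed):

```javascript
// Constructed model; every name here is hypothetical, not UMC code.
function makeBackend() {
  const account = { password: 'univention', expired: true, history: new Set(['univention']) };
  // One endpoint: authenticates and, when new_password is sent, tries the change first.
  return function auth({ username, password, new_password }) {
    if (username !== 'test2' || password !== account.password) {
      return { ok: false, message: 'Authentication failed' };
    }
    if (new_password !== undefined) {
      if (account.history.has(new_password)) {
        return { ok: false, message: 'Changing password failed. The password was already used' };
      }
      account.history.add(new_password);
      account.password = new_password;
      account.expired = false;
      return { ok: true };
    }
    if (account.expired) {
      return { ok: false, expired: true, message: 'The password has expired and must be renewed.' };
    }
    return { ok: true };
  };
}

class LoginForm {
  constructor(auth, resetOnFailure) {
    this.auth = auth; this.resetOnFailure = resetOnFailure; this.fields = {};
  }
  // Merge what the user typed into the kept form state, send it, pick the next dialog.
  submit(typed) {
    Object.assign(this.fields, typed);
    const res = this.auth(this.fields);
    if (res.ok) return 'logged-in';
    if (res.expired) return 'change-password';
    if (this.resetOnFailure) this.fields = {}; // fixed variant: drop the stale new_password
    return 'login';
  }
}

// Replays the three requests from the description and returns the dialog shown after each.
function replay(resetOnFailure) {
  const form = new LoginForm(makeBackend(), resetOnFailure);
  const creds = { username: 'test2', password: 'univention' };
  return [form.submit(creds), form.submit({ new_password: 'univention' }), form.submit(creds)];
}

console.log('stale state kept:', replay(false));
console.log('reset on failure:', replay(true));
```

With the stale state kept, the third request still carries `new_password` and the user is returned to the login dialog; with the reset, the expired-password response comes back and the change dialog is shown again.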
Comment 2 Felix Botner univentionstaff 2017-06-02 09:59:13 CEST
OK - univention-management-console password change
OK - univention-management-console.yaml
Comment 3 Janek Walkenhorst univentionstaff 2017-06-15 17:58:22 CEST
<http://errata.software-univention.de/ucs/4.2/40.html>