Bug 46012 - "change password on next login" is ignored when password has been reset administratively
"change password on next login" is ignored when password has been reset admin...
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Listener modules
UCS@school 4.2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v10
Assigned To: Sönke Schwardt-Krummrich
Ole Schwiegert
:
Depends on: 45468
Blocks:
  Show dependency treegraph
 
Reported: 2018-01-11 16:15 CET by Nico Stöckigt
Modified: 2018-07-04 18:07 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number: 2018011121000299
Bug group (optional):
Max CVSS v3 score:


Attachments
Hotfix als Patch (524 bytes, patch)
2018-02-22 11:55 CET, Sönke Schwardt-Krummrich
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2018-01-11 16:15:20 CET
The flag 'change password on next login' is ignored when a password has been reset by a teacher or admin. The user (student) is not prompted to change his/her password but should.
Comment 1 Florian Best univentionstaff 2018-01-11 16:39:17 CET
Patch available in branch fbest/46012-pwdChangeOnNextLogin.

diff --git a/ucs-school-umc-users/umc/python/schoolusers/__init__.py b/ucs-school-umc-users/umc/python/schoolusers/__init__.py
index 70306be..88c503b 100644
--- a/ucs-school-umc-users/umc/python/schoolusers/__init__.py
+++ b/ucs-school-umc-users/umc/python/schoolusers/__init__.py
@@ -94,6 +94,8 @@ class Instance(SchoolBaseModule):
 »   »   »   user['password'] = newPassword
 »   »   »   user['overridePWHistory'] = '1'
 »   »   »   user['locked'] = 'none'
+»   »   »   user.modify()
+»   »   »   user = User.from_dn(userdn, None, ldap_user_write).get_udm_object(ldap_user_write)
 »   »   »   user['pwdChangeNextLogin'] = '1' if pwdChangeNextLogin else '0'
 »   »   »   user.modify()
 »   »   »   self.finished(request.id, True)
Comment 2 Florian Best univentionstaff 2018-01-11 16:40:49 CET
I am sorry, this is a regression by myself in Bug #45468 / 28ec77ef04fb6667a30bd7ddccce93115675c4f3.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2018-01-17 15:49:16 CET
(In reply to Nico Stöckigt from comment #0)
> The flag 'change password on next login' is ignored when a password has been
> reset by a teacher or admin. The user (student) is not prompted to change
> his/her password but should.

To be more precise:
The UDM flag pwdChangeNextLogin toggles on each password reset if the checkbox "Benutzer muss das Passwort bei der nächsten Anmeldung ändern" is always checked.
So on the first pasword reset, the flag is activated. On the second reset, the flag is removed erroneously. On the third reset, the flag is activated again. Removed on the fourth reset. And so on...
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2018-01-17 16:45:33 CET
(In reply to Sönke Schwardt-Krummrich from comment #3)
> To be more precise:
> The UDM flag pwdChangeNextLogin toggles on each password reset if the
> checkbox "Benutzer muss das Passwort bei der nächsten Anmeldung ändern" is
> always checked.

This seems to be originally an UDM bug:
https://forge.univention.org/bugzilla/show_bug.cgi?id=46067

But yes, the suggested patch fixes this issue for UCS@school.

Fixed for UCS@school 4.3 and 4.2

ucs-school-umc-users.yaml
e4fafc12dea8 | Bug #46012: Merge branch 'sschwardt/46012/42/pwdChangeNextLogin_toggles' into 4.2
a05fa99a74a5 | Bug #46012: add advisory

ucs-school-umc-users (13.0.0-7)
e4fafc12dea8 | Bug #46012: Merge branch 'sschwardt/46012/42/pwdChangeNextLogin_toggles' into 4.2
8a7316b2461f | Bug #46012: add changelog entry

ucs-school-umc-users (13.0.0-6)
4ee688504ee7 | Bug #46012: reinserting workaround for bug #46067

Package: ucs-school-umc-users
Version: 13.0.0-7A~4.2.0.201801171636
Branch: ucs_4.2-0
Scope: ucs-school-4.2
User: sschwardt

ucs-school-umc-users.yaml
769c170e6697 | Bug #46012: Merge branch 'sschwardt/46012/43/pwdChangeNextLogin_toggles' into 4.3
b4d840a33bb9 | Bug #46012: add advisory

ucs-school-umc-users (14.0.0-1)
19285f6080ce | Bug #46012: reinserting workaround for bug #46067

ucs-school-umc-users (14.0.0-2)
769c170e6697 | Bug #46012: Merge branch 'sschwardt/46012/43/pwdChangeNextLogin_toggles' into 4.3
d1921aa48ed2 | Bug #46012: add changelog entry


Package: ucs-school-umc-users
Version: 14.0.0-2A~4.3.0.201801171643
Branch: ucs_4.3-0
Scope: ucs-school-4.3


Waiting for Jenkins test result.
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2018-02-22 11:55:50 CET
Created attachment 9416 [details]
Hotfix als Patch

Hotfix:

patch -b -d /usr/share/pyshared/univention/management/console/modules/schoolusers/ < bug46012.patch
Comment 6 Ole Schwiegert univentionstaff 2018-06-06 11:24:56 CEST
Fixed for 4.3, but the bug is still present in 4.2.

Tested with version 13.0.1-3A~4.2.0.201805090908
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2018-06-22 15:32:59 CEST
I installed the current packages on a fresh system and the bug is still fixed.
I opened the module "Passwörter (Schüler)" and selected a user and gave him/her a new password while the checkbox "Benutzer muss das Passwort bei der nächsten Anmeldung ändern" is activated. Next I select the same user and reset the password again with activated checkbox.
If the original error occurs, the column "Passwortablaufdatum" shows only "-". If the bug is fixed, a date should be shown (even on the third/fourth/... reset).

Can you tell me, how you reproduced the original bug?
If the problem is reproducible, please get in touch with me.

→ FIXED
Comment 8 Ole Schwiegert univentionstaff 2018-06-26 11:15:07 CEST
I tested it again with ucs-school-umc-users 13.0.1-3A~4.2.0.201805090908 and could not reproduce it anymore for 4.2
Comment 9 Sönke Schwardt-Krummrich univentionstaff 2018-07-04 18:07:56 CEST
UCS@school 4.2 v10 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.2v10-de.html

If this error occurs again, please clone this bug.