Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 347052

Summary:

Admin should be able to change passwords without knowing old one

Product:

[ECD] Orion

Reporter:

John Arthorne <john.arthorne>

Component:

Client

Assignee:

John Arthorne <john.arthorne>

Status:

RESOLVED FIXED

QA Contact:

Severity:

major

Priority:

CC:

denis.roy, malgorzata.tomczyk, Szymon.Brandys

Version:

0.2

Flags:

Szymon.Brandys: review+

Target Milestone:

0.2

Hardware:

OS:

Windows 7

Whiteboard:

Attachments:

Description	Flags
Simple hack	none
Better hack	none
Tidy up previous patch	none

Description John Arthorne

2011-05-24 14:51:27 EDT

I20110524

If somebody forgets their password, the administrator should be able to reset/change it. Currently if I try this as admin on orion.eclipse.org I get an error "Invalid old password"

Comment 1 Denis Roy

2011-05-24 15:28:49 EDT

I've been resetting passwords on orionhub.org without any problems ... as admin.

Comment 2 John Arthorne

2011-05-24 16:51:35 EDT

Yes this is a regression. Previously, any logged in user could change their password without knowing their old password (bug 339413).

Comment 3 John Arthorne

2011-06-17 13:02:10 EDT

*** Bug 349593 has been marked as a duplicate of this bug. ***

Comment 4 John Arthorne

2011-06-17 13:06:28 EDT

Created attachment 198193 [details]
Simple hack

Comment 5 John Arthorne

2011-06-17 13:29:45 EDT

Created attachment 198197 [details]
Better hack

This uses the server setting the configures the set of users allowed to create accounts. This same set of users will be allowed to reset passwords without knowing the old one.

Comment 6 John Arthorne

2011-06-17 13:31:54 EDT

Created attachment 198198 [details]
Tidy up previous patch

Comment 7 John Arthorne

2011-06-17 13:47:07 EDT

http://git.eclipse.org/c/e4/org.eclipse.orion.server.git/commit/?id=a08fe1ccc9fb0ecd1d1c1f2f86b10885ce21291a