Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 347052

Summary: Admin should be able to change passwords without knowing old one
Product: [ECD] Orion Reporter: John Arthorne <john.arthorne>
Component: ClientAssignee: John Arthorne <john.arthorne>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: P3 CC: denis.roy, malgorzata.tomczyk, Szymon.Brandys
Version: 0.2Flags: Szymon.Brandys: review+
Target Milestone: 0.2   
Hardware: PC   
OS: Windows 7   
Whiteboard:
Attachments:
Description Flags
Simple hack
none
Better hack
none
Tidy up previous patch none

Description John Arthorne CLA 2011-05-24 14:51:27 EDT
I20110524

If somebody forgets their password, the administrator should be able to reset/change it. Currently if I try this as admin on orion.eclipse.org I get an error "Invalid old password"
Comment 1 Denis Roy CLA 2011-05-24 15:28:49 EDT
I've been resetting passwords on orionhub.org without any problems ... as admin.
Comment 2 John Arthorne CLA 2011-05-24 16:51:35 EDT
Yes this is a regression. Previously, any logged in user could change their password without knowing their old password (bug 339413).
Comment 3 John Arthorne CLA 2011-06-17 13:02:10 EDT
*** Bug 349593 has been marked as a duplicate of this bug. ***
Comment 4 John Arthorne CLA 2011-06-17 13:06:28 EDT
Created attachment 198193 [details]
Simple hack
Comment 5 John Arthorne CLA 2011-06-17 13:29:45 EDT
Created attachment 198197 [details]
Better hack

This uses the server setting the configures the set of users allowed to create accounts. This same set of users will be allowed to reset passwords without knowing the old one.
Comment 6 John Arthorne CLA 2011-06-17 13:31:54 EDT
Created attachment 198198 [details]
Tidy up previous patch