Bug 347052 - Admin should be able to change passwords without knowing old one
Summary: Admin should be able to change passwords without knowing old one
Status: RESOLVED FIXED
Alias: None
Product: Orion
Classification: ECD
Component: Client
Version: 0.2
Hardware: PC Windows 7
Importance: P3 major
Target Milestone: 0.2
Assignee: John Arthorne CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Duplicates: 349593
Depends on:
Blocks:
 
Reported: 2011-05-24 14:51 EDT by John Arthorne CLA
Modified: 2011-09-01 11:42 EDT (History)

See Also:
Szymon.Brandys: review+


Attachments
Simple hack (1.67 KB, patch)
2011-06-17 13:06 EDT, John Arthorne CLA
Better hack (2.79 KB, patch)
2011-06-17 13:29 EDT, John Arthorne CLA
Tidy up previous patch (2.96 KB, patch)
2011-06-17 13:31 EDT, John Arthorne CLA

Description John Arthorne CLA 2011-05-24 14:51:27 EDT
I20110524

If somebody forgets their password, the administrator should be able to reset/change it. Currently, if I try this as admin on orion.eclipse.org, I get an error "Invalid old password".
Comment 1 Denis Roy CLA 2011-05-24 15:28:49 EDT
I've been resetting passwords on orionhub.org without any problems ... as admin.
Comment 2 John Arthorne CLA 2011-05-24 16:51:35 EDT
Yes this is a regression. Previously, any logged in user could change their password without knowing their old password (bug 339413).
Comment 3 John Arthorne CLA 2011-06-17 13:02:10 EDT
*** Bug 349593 has been marked as a duplicate of this bug. ***
Comment 4 John Arthorne CLA 2011-06-17 13:06:28 EDT
Created attachment 198193
Simple hack
Comment 5 John Arthorne CLA 2011-06-17 13:29:45 EDT
Created attachment 198197
Better hack

This uses the server setting that configures the set of users allowed to create accounts. This same set of users will be allowed to reset passwords without knowing the old one.
Comment 6 John Arthorne CLA 2011-06-17 13:31:54 EDT
Created attachment 198198
Tidy up previous patch
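
The rule described in comment 5, written out as an added example that is not part of this bug, its patches, or Orion's code. All function and field names are hypothetical. It assumes the setting is a comma-separated list of logins and that an unset value means open self-registration, and requiring the old password for every self-service change is this example's own choice.

```javascript
// Added example, not Orion code. All names here are hypothetical.

// Parse the value of the setting that lists users allowed to create accounts.
// Assumption: an unset or empty value means open self-registration, so it
// yields an empty set here and nobody gets reset rights from it (fail closed).
function parseAccountCreators(settingValue) {
  if (typeof settingValue !== 'string') return new Set();
  return new Set(settingValue.split(',').map((s) => s.trim()).filter(Boolean));
}

// Decide whether a password change may proceed.
//   requester: login of the authenticated session user (never a request field)
//   target: login whose password is being changed
//   oldPasswordVerified: true only if the supplied old password matched the
//     target's stored hash (checked by the credential store, out of scope here)
function authorizePasswordChange({ requester, target, oldPasswordVerified, creators }) {
  if (!requester || !target) {
    return { allowed: false, reason: 'not authenticated' };
  }
  if (requester === target) {
    // Self-service change: always prove knowledge of the current password,
    // so a hijacked session cannot be turned into account takeover.
    // Applying this to administrators too is this example's choice.
    return oldPasswordVerified === true
      ? { allowed: true, reason: 'self change, old password verified' }
      : { allowed: false, reason: 'Invalid old password' };
  }
  if (creators.has(requester)) {
    // Reset of another account by a user from the configured set.
    return { allowed: true, reason: 'admin reset', audit: `${requester} reset password of ${target}` };
  }
  return { allowed: false, reason: 'not permitted to change another user\'s password' };
}

// Constructed sample requests; returns the allow/deny decision for each.
function demo() {
  const creators = parseAccountCreators(' admin , ops ');
  const open = parseAccountCreators(undefined); // setting not configured
  return [
    authorizePasswordChange({ requester: 'admin', target: 'alice', oldPasswordVerified: false, creators }),
    authorizePasswordChange({ requester: 'alice', target: 'alice', oldPasswordVerified: false, creators }),
    authorizePasswordChange({ requester: 'alice', target: 'bob', oldPasswordVerified: true, creators }),
    authorizePasswordChange({ requester: 'admin', target: 'alice', oldPasswordVerified: false, creators: open }),
  ].map((d) => d.allowed);
}

console.log(demo());
```

The last sample request shows why the reused setting has to fail closed: when the account-creation list is not configured, no login, including one named `admin`, gains the right to reset another user's password.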