Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007814TestLinkUser Authentication Methodspublic2017-01-17 22:012017-01-22 07:57
Reporterken lerner 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformLinuxOSRed HatOS Version
Product Version1.9.15 (2015 Q4) 
Fixed in Version1.9.16 (2016 Q4) 
Summary0007814: Unable to Reset Passwords For Users with DB Authentication In System Using Mixed LDAP/DB Authentication
DescriptionWe are using mixed mode authentication, some LDAP, some DB. The admin account uses LDAP.

Resetting the password for a user with DB authentication always fails. The server claims the password is changed and emails the new password to the user. However, the user can not log in with the new password. The user CAN log in with the old password. Upon investigation it was found that the new password was never inserted in the data base.

This issue appears to be related to or similar to http://mantis.testlink.org/view.php?id=6707 [^]

A kludge allowed us to proceed, but is in no way a proper solution to the issue. In file testlink/lib/functions/tlUser.class.php the error checking return lines were commented out:


  /**
   * Encrypts a given password with MD5
   *
   * @param $pwd the password to encrypt
   * @return string the encrypted password
   */
  protected function encryptPassword($pwd,$authentication=null)
  {
    if (self::isPasswordMgtExternal($authentication))
    {
/**
      return self::S_PWDMGTEXTERNAL;
*/
    }

    return md5($pwd);
  }

  /**
   * Set encrypted password
   *
   * @param string $pwd the new password
   * @return integer return tl::OK is the password is stored, else errorcode
   */
  public function setPassword($pwd,$authentication=null)
  {
    if (self::isPasswordMgtExternal($authentication))
    {
/**
      return self::S_PWDMGTEXTERNAL;
*/
    }

    $pwd = trim($pwd);
    if ($pwd == "")
    {
      return self::E_PWDEMPTY;
    }
    $this->password = $this->encryptPassword($pwd,$authentication);
    return tl::OK;
  }

As was mentioned in the comment trail of item 0006707, this comes down to the fact that the admin account is ldap and the user account is db.

Can you take a look at it?
Steps To Reproduce1. Use mixed mode LDAP/DB authentication where the admin account is LDAP.
2. Create a DB user. Note the initial password for the user.
3. Log in using DB user credentials
3. Reset the password of the DB user.
4. Try to log in using the DB username and new password. It should fail. Log in with the initial password. It should work.
Additional InformationRegarding the priority of the issue. It's a major problem for me, but maybe not as important to you. Feel free to adjust the priority as you see fit.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
Browser
PHP Version
TestCaseID
QA Team - Task Workflow StatusTBD
Attached Files

- Relationships
related to 0007676closedfman Password reset does not work 

-  Notes
(0025847)
fman (administrator)
2017-01-18 06:22

Please get latest code from github, do fresh install in sandbox, retest and provide feedback

anyway detailed steps to reproduce are needed
(0025851)
ken lerner (reporter)
2017-01-18 12:11

Steps to reproduce:
1. Use mixed mode LDAP/DB authentication where the admin account is LDAP.
2. Create a DB user. Note the initial password for the user.
3. Log in using DB user credentials
3. Reset the password of the DB user.
4. Try to log in using the DB username and new password. It should fail. Log in with the initial password. It should work.
(0025852)
fman (administrator)
2017-01-19 06:36

OK, thanks for steps

Please get latest code from github, do fresh install in sandbox, retest and provide feedback
(0025854)
ken lerner (reporter)
2017-01-19 19:02

We got the latest code from github, did a fresh install, and retested. It works! So, looking forward to the .16 release, in that case.
(0025855)
fman (administrator)
2017-01-19 20:15

gr8!!
(0025859)
fman (administrator)
2017-01-22 07:57

1.9.16 released

- Issue History
Date Modified Username Field Change
2017-01-17 22:01 ken lerner New Issue
2017-01-18 06:22 fman Note Added: 0025847
2017-01-18 06:23 fman Assigned To => fman
2017-01-18 06:23 fman Status new => feedback
2017-01-18 12:11 ken lerner Note Added: 0025851
2017-01-18 12:11 ken lerner Status feedback => assigned
2017-01-19 06:36 fman Note Added: 0025852
2017-01-19 19:02 ken lerner Note Added: 0025854
2017-01-19 20:15 fman Note Added: 0025855
2017-01-19 20:16 fman QA Team - Task Workflow Status => TBD
2017-01-19 20:16 fman Fixed in Version => 1.9.16 (2016 Q4)
2017-01-19 20:16 fman Status assigned => resolved
2017-01-19 20:16 fman Resolution open => fixed
2017-01-19 20:16 fman Relationship added related to 0007676
2017-01-22 07:57 fman Note Added: 0025859
2017-01-22 07:57 fman Status resolved => closed



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker