[ltb-dev] [LDAP Tool Box - Bug #873] Can't reset password when using sendtoken

noreply at lsc-project.org noreply at lsc-project.org
Thu Sep 15 11:03:30 CEST 2016


Issue #873 has been updated by Clément OUDOT.

Target version changed from self-service-password-? to self-service-password-1.0

Boldly Going Nowhere wrote:
> There is a bug in this feature ever since you introduced the password change by user code. If the config is set to 'User' instead of 'Manager' this bug surfaces.
> 
> In order to solve it I have added a new line to the 'change password' logic in resetbytoken.php between the original line 198 and 199 :  $who_change_password = 'manager';
> 
> That way it is only forced for that function and the token based reset works. Otherwise you try to rest by LDAP as the user without giving $oldpassword, which will give a constraint violation.

Well, $who_change_password should be empty in resetbytoken.php, so I don't understand why in your case it has the value "user". But you are right, we should maybe force its value, or maybe better, remove it form change_password call.

 
> ((additionally in the same file, I've decleared $oldpassword = ""; at the beginnen as you were getting cosmetic errors logged because your 'checkpasswordstrength' logic tries to pass on that variable(line 194 in resetbytoken.php) which was undeclared)).

Indeed, it will be cleaner to unset it and manage this cas in check password method.
----------------------------------------
Bug #873: Can't reset password when using sendtoken
http://tools.lsc-project.org/issues/873

Author: Thomas Mayer
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-1.0


I can reset my password when I use the action "change" of the website.
When I use "sendtoken" i get an ldap 19 error - constraint violation.
I tried the same password for both methods.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160915/81611d0c/attachment.htm>


More information about the ltb-dev mailing list