Ticket #9941 (new defect)

Opened 1 year ago

Last modified 5 months ago

Reset password still valid after first login

Reported by: rinon Assigned to: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: needinfo password reset
Cc: rjollos Trac Release: 0.12

Description

After a user (or admin on behalf of the user) resets their password, logs in with their temporary password and is forced to change their password, the user is still able to log in later with that temporary password. Shouldn't AccountManager clear out any password_reset attributes on password change?

Attachments

Change History

04/04/12 00:22:55 changed by rjollos

  • cc set to rjollos.

11/24/12 00:01:05 changed by hasienda

  • keywords changed from password reset to needinfo password reset.

This shouldn't apply to current code in trunk, meant as candidate for acct_mgr-0.4.

Please re-check, but watch out for upgrade notes, that explain component name changes (and related activation caveats) as well as changed options for file-based authentication stores.

01/05/13 00:10:06 changed by hasienda

  • priority changed from normal to low.
  • type changed from enhancement to defect.

Ping. Could you prove your point somehow. I can't reproduce the reported behavior, and there's not much to be done about this without knowing, there really is a hidden issue.

Add/Change #9941 (Reset password still valid after first login)




Change Properties
Action