Modify

Opened 3 years ago

Last modified 23 months ago

#9941 new defect

Reset password still valid after first login

Reported by: rinon Owned by: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: needinfo password reset
Cc: rjollos Trac Release: 0.12

Description

After a user (or admin on behalf of the user) resets their password, logs in with their temporary password and is forced to change their password, the user is still able to log in later with that temporary password. Shouldn't AccountManager clear out any password_reset attributes on password change?

Attachments (0)

Change History (3)

comment:1 Changed 3 years ago by rjollos

  • Cc rjollos added; anonymous removed

comment:2 Changed 2 years ago by hasienda

  • Keywords needinfo added

This shouldn't apply to current code in trunk, meant as candidate for acct_mgr-0.4.

Please re-check, but watch out for upgrade notes, that explain component name changes (and related activation caveats) as well as changed options for file-based authentication stores.

comment:3 Changed 23 months ago by hasienda

  • Priority changed from normal to low
  • Type changed from enhancement to defect

Ping. Could you prove your point somehow. I can't reproduce the reported behavior, and there's not much to be done about this without knowing, there really is a hidden issue.

Add Comment

Modify Ticket

Action
as new The owner will remain hasienda.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.