Modify

Opened 2 years ago

Last modified 19 months ago

#9941 new defect

Reset password still valid after first login

Reported by: rinon Owned by: hasienda
Priority: low Component: AccountManagerPlugin
Severity: normal Keywords: needinfo password reset
Cc: rjollos Trac Release: 0.12

Description

After a user (or admin on behalf of the user) resets their password, logs in with their temporary password and is forced to change their password, the user is still able to log in later with that temporary password. Shouldn't AccountManager clear out any password_reset attributes on password change?

Attachments (0)

Change History (3)

comment:1 Changed 2 years ago by rjollos

  • Cc rjollos added

comment:2 Changed 20 months ago by hasienda

  • Keywords needinfo added

This shouldn't apply to current code in trunk, meant as candidate for acct_mgr-0.4.

Please re-check, but watch out for upgrade notes, that explain component name changes (and related activation caveats) as well as changed options for file-based authentication stores.

comment:3 Changed 19 months ago by hasienda

  • Priority changed from normal to low
  • Type changed from enhancement to defect

Ping. Could you prove your point somehow. I can't reproduce the reported behavior, and there's not much to be done about this without knowing, there really is a hidden issue.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.