Cannot log in with new password using password reset (new style) with Http Basic Auth
|Reported by:||Owned by:|
|Cc:||MartinEden, Ryan J Ollos, massimo.b@…||Trac Release:||0.11|
We use Http Basic Auth on our trac instance.
When an administrator clicks "Reset passwords" in
/admin/accounts/users the user receives an email explaining that their password has been reset, and gives them the new random password.
When they try and log in, their old password still works (as expected) but the new random password does not work.
My guess is that this is because our chosen password store, HtPasswdStore, can only store one password per user.
As I am writing this, I see in Lost password procedure that "The temporary password is stored in ResetPwStore, a special SessionStore". Does this mean I need to configure a SessionStore to get this behaviour to work properly? Please direct me to the appropriate documentation if so.
Change History (19)
comment:2 Changed 3 years ago by
|Keywords:||reset regression added|
|Summary:||Cannot log in with new password when using reset password with Http Basic Auth → Cannot log in with new password using password reset (new style) with Http Basic Auth|
|Trac Release:||→ 0.11|
Changed 3 years ago by