View Issue Details

ID: 0023507
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2018-03-11 05:00
Reporter: fkay13
Assigned To: dregad
Priority: low
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.7.0
Target Version: 2.7.1
Fixed in Version: 2.7.1
Summary: 0023507: Users can't change their password when it is blank
Description

Using the option $g_enable_email_notification = OFF; when creating a new user or resetting the password for an existing one, when the user tries to redefine his password, the current password field is required, and since the password is currently blank, the user can't change it.

Steps To Reproduce

Set $g_enable_email_notification = OFF;
Reset a user's password
Log in with this user and try to redefine the password

Tags: No tags attached.

Relationships

related to 0022310 (closed, community): Use HTML5 "required" attribute for required form fields
related to 0023509 (new): Generate a random string when resetting password, or allow admin to define it
related to 0024097 (closed, atrol): Account page required change password on any field modification

Activities

dregad

2017-10-20 05:40

developer   ~0057997

Regression introduced by MantisBT master f4137abe (0022310)

dregad

2017-10-20 06:09

developer   ~0057998

PR https://github.com/mantisbt/mantisbt/pull/1215

cproensa

2017-10-20 07:11

developer   ~0058000

Related to this:
PR 751 https://github.com/mantisbt/mantisbt/pull/751
proposes setting a random password in that scenario, and showing it once.
That is a more secure method than setting a blank password.

dregad

2017-10-20 07:59

developer   ~0058001

Thanks for the pointer, Carlos. I did search the tracker for something similar, but did not think of checking for PRs.

I fully agree that getting rid of this empty password thing is something that needs to be added to the TODO LIST, but it's outside the scope of this issue.

dregad

2017-10-22 16:01

developer   ~0058021

getting rid of this empty password thing is something that needs to be added to the TODO LIST

follow-up in 0023509
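
The approach raised in note ~0058000 and tracked in 0023509, replacing the blank password with a random one that is shown once, could look like the following. This is an added example, not code from MantisBT or from PR 751; the function names, the `$user` array and the use of `password_hash()` for storage are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not MantisBT code. Function names and the in-memory
// $user array are hypothetical stand-ins for the real user store.

// Alphabet without look-alike characters (0/O, 1/l/I) for manual hand-over.
const TEMP_PASSWORD_ALPHABET = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

/** Build a temporary password from the CSPRNG; random_int() is unbiased. */
function generate_temp_password(int $length = 16): string {
    $max = strlen(TEMP_PASSWORD_ALPHABET) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= TEMP_PASSWORD_ALPHABET[random_int(0, $max)];
    }
    return $password;
}

/**
 * Admin reset with e-mail notification off: store only the hash,
 * flag the account for a forced change, return the clear text once.
 */
function reset_password(array &$user): string {
    $temp = generate_temp_password();
    $user['password_hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $user['must_change'] = true;
    return $temp; // display once to the administrator; never log or store it
}

/** Self-service change: the current password is always verified server-side. */
function change_password(array &$user, string $current, string $new): bool {
    if ($new === '' || !password_verify($current, $user['password_hash'])) {
        return false;
    }
    $user['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $user['must_change'] = false;
    return true;
}

// Constructed sample account that starts with a blank stored password.
$user = ['username' => 'example', 'password_hash' => '', 'must_change' => false];
$temp = reset_password($user);
var_dump(change_password($user, '', 'N3w-passphrase'));    // blank current password
var_dump(change_password($user, $temp, 'N3w-passphrase')); // temporary password
```

With a scheme like this the Current Password field can stay mandatory in the form, because no account is ever left with an empty credential.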

Related Changesets

MantisBT: master f4137abe

2017-02-08 14:12

Saga Musix

Committer: dregad


Add HTML5 'required' attribute to form fields

Fixes 0022310

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Affected Issues
0022310, 0023507
mod - account_page.php
mod - account_prof_edit_page.php
mod - account_prof_menu_page.php
mod - bug_change_status_page.php
mod - bug_report_page.php
mod - bug_update_page.php
mod - core/cfdefs/cfdef_standard.php
mod - core/custom_field_api.php
mod - core/date_api.php
mod - manage_proj_create_page.php
mod - manage_proj_edit_page.php
mod - manage_tags_page.php
mod - news_edit_page.php
mod - news_menu_page.php
mod - proj_doc_add_page.php
mod - proj_doc_edit_page.php

MantisBT: master-2.7 82653e23

2017-10-20 02:02

dregad


Allow password reset when it is blank

Commit f4137abe0c6e28ffd5a82fbe455b40d598109a25 added HTML5 'required'
attribute to mandatory fields, including the Current Password on Edit
Account page.

Since the password can be blank (e.g. when $g_enable_email_notification
is OFF), this prevents the users from resetting their password.

This removes the mandatory attribute when the password is blank.

Fixes 0023507

Affected Issues
0023507
mod - account_page.php