View Issue Details

IDProjectCategoryView StatusLast Update
0023507mantisbtauthenticationpublic2017-10-28 19:08
Reporterfkay13Assigned Todregad 
PrioritylowSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.7.0 
Target Version2.7.1Fixed in Version2.7.1 
Summary0023507: Users can't change their password when it is blank
Description

Using the option $g_enable_email_notification = OFF; when create a new user or reseting the password for an existing one, when the user will redefine his password, the current password field is required, and since the password is currently blank the user can't change it.

Steps To Reproduce

Set $g_enable_email_notification = OFF;
Reset an user's password
log in with this user and try to redefine the password

TagsNo tags attached.

Relationships

related to 0022310 closedcommunity Use HTML5 "required" attribute for required form fields 
related to 0023509 new Generate a random string when resetting password, or allow admin to define it 

Activities

dregad

dregad

2017-10-20 05:40

developer   ~0057997

Regression introduced by MantisBT master f4137abe (0022310)

dregad

dregad

2017-10-20 06:09

developer   ~0057998

PR https://github.com/mantisbt/mantisbt/pull/1215

cproensa

cproensa

2017-10-20 07:11

developer   ~0058000

related to this:
PR 751 https://github.com/mantisbt/mantisbt/pull/751
proposes setting a random pasword in that scenario, and showing it once.
that is a more secure method thatn setting a blank password.

dregad

dregad

2017-10-20 07:59

developer   ~0058001

Thanks for the pointer Carlos. I did search the tracker for something similar, but did not think of checking for PR's.

I fully agree that getting rid of this empty password thing is something that needs to be added to the TODO LIST, but it's outside the scope of this issue.

dregad

dregad

2017-10-22 16:01

developer   ~0058021

getting rid of this empty password thing is something that needs to be added to the TODO LIST

follow-up in 0023509

Related Changesets

MantisBT: master f4137abe

2017-02-08 19:12:48

Saga Musix


Committer: dregad Details Diff
Add HTML5 'required' attribute to form fields

Fixes 0022310

Signed-off-by: Damien Regad <dregad@mantisbt.org>
mod - account_page.php Diff File
mod - account_prof_edit_page.php Diff File
mod - account_prof_menu_page.php Diff File
mod - bug_change_status_page.php Diff File
mod - bug_report_page.php Diff File
mod - bug_update_page.php Diff File
mod - core/cfdefs/cfdef_standard.php Diff File
mod - core/custom_field_api.php Diff File
mod - core/date_api.php Diff File
mod - manage_proj_create_page.php Diff File
mod - manage_proj_edit_page.php Diff File
mod - manage_tags_page.php Diff File
mod - news_edit_page.php Diff File
mod - news_menu_page.php Diff File
mod - proj_doc_add_page.php Diff File
mod - proj_doc_edit_page.php Diff File

MantisBT: master-2.7 82653e23

2017-10-20 06:02:26

dregad

Details Diff
Allow password reset when it is blank

Commit f4137abe0c6e28ffd5a82fbe455b40d598109a25 added HTML5 'required'
attribute to mandatory fields, including the Current Password on Edit
Account page.

Since the password can be blank (e.g. when $g_enable_email_notification
is OFF), this prevents the users from resetting their password.

This removes the mandatory attribute when the password is blank.

Fixes 0023507
mod - account_page.php Diff File

Issue History

Date Modified Username Field Change
2017-10-19 15:37 fkay13 New Issue
2017-10-20 05:40 dregad Status new => confirmed
2017-10-20 05:40 dregad Summary Blank password => Users can't change their password when it is blank
2017-10-20 05:40 dregad Note Added: 0057997
2017-10-20 05:40 dregad Relationship added related to 0022310
2017-10-20 06:06 dregad Changeset attached => MantisBT master f4137abe
2017-10-20 06:09 dregad Assigned To => dregad
2017-10-20 06:09 dregad Status confirmed => assigned
2017-10-20 06:09 dregad Note Added: 0057998
2017-10-20 07:11 cproensa Note Added: 0058000
2017-10-20 07:59 dregad Note Added: 0058001
2017-10-20 08:09 dregad Relationship added related to 0023509
2017-10-22 15:32 dregad Changeset attached => MantisBT master-2.7 82653e23
2017-10-22 15:32 dregad Status assigned => resolved
2017-10-22 15:32 dregad Resolution open => fixed
2017-10-22 16:00 dregad Fixed in Version => 2.7.1
2017-10-22 16:00 dregad Target Version => 2.7.1
2017-10-22 16:01 dregad Note Added: 0058021
2017-10-28 19:08 vboctor Status resolved => closed