Using Apache htaccess user authentication.
When a user requests a new password (twiki/bin/view/TWiki/ResetPassword) the "Must Change Password" flag will be set in the .htaccess file, but this actually blocks the "Reset Password" Page.
So, once the password is reset by TWiki to something random you can log in on the ResetPassword page but you can't submit the form as "mcp=1".
Whatever page you try to access, you will always be forwarded to the ResetPassword page and there is no way to leave it (other than browsing as anonymous).
$VERSION = '$Date: 2012-12-16 00:58:48 -0500 (Sun, 16 Dec 2012) $ $Rev: 24504 (2012-12-16) $ ';
$RELEASE = 'TWiki-5.1.3';
-- TWiki:Main/GeertLorang - 2013-03-08
I tried to reproduce this on TWiki-5.1.1, TWiki-5.1.4 and trunk. It works as intended on these three versions, so unfortunately I can't reproduce this. What login manager do you use? Any special password manager?
-- TWiki:Main.PeterThoeny - 2013-03-10
Just did a fresh install of "TWiki-5.1.4, Sat, 16 Feb 2013, build 25114" at home and can perfectly reproduce the issue.
Here are the settings from configure -- actually the defaults I guess, as I didn't change them:
{LoginManager} = TWiki::LoginManager::TemplateLogin
{UserMappingManager} = TWiki::Users::TWikiUserMapping
{PasswordManager} = TWiki::Users::HtPasswdUser
{Htpasswd}{Encoding} = crypt
Here is what I just did, quite straightforward but maybe it helps to reproduce.
- Install fresh copy of TWiki 5.1.4
- Create a new user as TWikiAdmin user
- Log out as TWikiAdmin
- Go to view/TWiki/ResetPassword
- Enter Username of new user
- Check data/.htpasswd : mcp-flag will be set to 1
- Log in with new password - You will be redirected to the ChangePassword page
- Enter current and new password
- Click Change password
- You will be redirected again to the ChangePassword page
--> Your password is not updated (check data/.htpasswd)
I just see I reported a mistake in my original post: Once "mcp" is set to 1 you will always be forwarded to the ChangePassword page instead of the ResetPassword page. Sorry for that.
Hopefully this helps.
-- TWiki:Main.GeertLorang - 2013-03-10