Open Bug 361295 Opened 18 years ago Updated 11 years ago

After a non-db auth external password change, userprefs.cgi?tab=account is unable to accept changes

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
2.23.3
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

People

(Reporter: Wurblzap, Unassigned)

Details

In userprefs.cgi, tab=account changes are checked for the crypted password in the database. This doesn't work if the site is using external auth and the user modified the password externally after Bugzilla account creation, resulting in the user not being able to change the Bugzilla real name (for example in order to remove an absence hint).
I was under the impression that you should always be able to change your real name, even without a password. I suppose not. I can confirm that Target Milestone, though--that's definitely something we want to fix for 3.0.
Marc, this still works if you use the old password, right? I have the feeling that Bugzilla uses the external password the first time to create the account, then look at the DB to compare the entered password. Am I right?
(In reply to comment #2) > Marc, this still works if you use the old password, right? I have the feeling > that Bugzilla uses the external password the first time to create the account, > then look at the DB to compare the entered password. Am I right? I don't know whether this bug is valid any more. I'd think you're right. The problem now is rather that Bugzilla pre-fills a hidden Bugzilla_login field on the prefs page in order to automate authentication. When using some external authentication like LDAP, this may not match your actual user name you need to use for logging in. In fact, Bugzilla probably doesn't even your external user name.
The Bugzilla 3.0 branch is now locked to security bugs and dataloss fixes only. This bug doesn't fit into one of these two categories and is retargetted to 3.2 as part of a mass-change. To catch bugmails related to this mass-change, use lts081207 in your email client filter.
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2
Bugzilla 3.2 is restricted to security bugs only. Moreover, this bug is either assigned to nobody or got no traction for several months now. Rather than retargetting it at each new release, I'm clearing the target milestone and the bug will be retargetted to some sensible release when someone starts fixing this bug for real (Bugzilla 3.8 more likely).
Target Milestone: Bugzilla 3.2 → ---
You need to log in before you can comment on or make changes to this bug.