After a non-db auth external password change, userprefs.cgi?tab=account is unable to accept changes

NEW
Unassigned

Status

()

Bugzilla
User Accounts
11 years ago
4 years ago

People

(Reporter: Wurblzap, Unassigned)

Tracking

Details

(Reporter)

Description

11 years ago
In userprefs.cgi, tab=account changes are checked for the crypted password in the database. This doesn't work if the site is using external auth and the user modified the password externally after Bugzilla account creation, resulting in the user not being able to change the Bugzilla real name (for example in order to remove an absence hint).

Comment 1

11 years ago
I was under the impression that you should always be able to change your real name, even without a password. I suppose not.

I can confirm that Target Milestone, though--that's definitely something we want to fix for 3.0.

Comment 2

10 years ago
Marc, this still works if you use the old password, right? I have the feeling that Bugzilla uses the external password the first time to create the account, then look at the DB to compare the entered password. Am I right?
(Reporter)

Comment 3

10 years ago
(In reply to comment #2)
> Marc, this still works if you use the old password, right? I have the feeling
> that Bugzilla uses the external password the first time to create the account,
> then look at the DB to compare the entered password. Am I right?

I don't know whether this bug is valid any more. I'd think you're right.

The problem now is rather that Bugzilla pre-fills a hidden Bugzilla_login field on the prefs page in order to automate authentication. When using some external authentication like LDAP, this may not match your actual user name you need to use for logging in. In fact, Bugzilla probably doesn't even your external user name.

Comment 4

9 years ago
The Bugzilla 3.0 branch is now locked to security bugs and dataloss fixes only. This bug doesn't fit into one of these two categories and is retargetted to 3.2 as part of a mass-change. To catch bugmails related to this mass-change, use lts081207 in your email client filter.
Target Milestone: Bugzilla 3.0 → Bugzilla 3.2

Comment 5

8 years ago
Bugzilla 3.2 is restricted to security bugs only. Moreover, this bug is either assigned to nobody or got no traction for several months now. Rather than retargetting it at each new release, I'm clearing the target milestone and the bug will be retargetted to some sensible release when someone starts fixing this bug for real (Bugzilla 3.8 more likely).
Target Milestone: Bugzilla 3.2 → ---
You need to log in before you can comment on or make changes to this bug.