If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

use admin_update_password for forced password update

RESOLVED FIXED

Status

Cloud Services
Server: Registration
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: rfkelly, Assigned: rfkelly)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa+])

Attachments

(2 attachments)

(Assignee)

Description

6 years ago
Created attachment 592034 [details] [diff] [review]
patch to use admin_update_password

Currently server-reg uses admin_update_field() to forcibly reset the user's password.  That's bad news for SQL auth backends, since it writes the raw password into the database instead of the hashed-and-salted version.

Attached patch changes it to use admin_update_password().
Attachment #592034 - Flags: review?(telliott)
Comment on attachment 592034 [details] [diff] [review]
patch to use admin_update_password

Whoops. Good catch.
Attachment #592034 - Flags: review?(telliott) → review+
(Assignee)

Comment 2

6 years ago
Applied in http://hg.mozilla.org/services/server-reg/rev/ea7aaa1f240a
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Whiteboard: [qa+]
(Assignee)

Updated

5 years ago
Blocks: 766570
(Assignee)

Comment 3

5 years ago
Created attachment 635634 [details] [diff] [review]
patch to correct use of admin_update_password

Yeah, um, so...the patch committed above doesn't actually work.  It resets the password to "password" rather than the value entered by the user.  Whoops!  Attached patch fixed it and adds a test to make sure it really works.
Assignee: nobody → rfkelly
Status: VERIFIED → REOPENED
Attachment #635634 - Flags: review?(telliott)
Resolution: FIXED → ---
Comment on attachment 635634 [details] [diff] [review]
patch to correct use of admin_update_password

Whoops!
Attachment #635634 - Flags: review?(telliott) → review+
(Assignee)

Comment 5

5 years ago
http://hg.mozilla.org/services/server-reg/rev/984937e39ac8
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.