Item2552: In some special cases where one user changes password for someone else you get an error message saying system does not support password reset
Priority: Low
Current State: No Action Required
Released In:
Target Release: n/a
Applies To: Engine
Component:
Branches:
Someone have put a block on changing password when you have set allow login name.
Why?
It should be given by the password handler alone. And you can reset the password.
I have seen this in trunk and need to get back if this is also an issue in Release branch.
I am working on something else so I am throwing this bug report in briefly so I do not forget it.
Assigning to myself for now because I need to try also on Release
--
KennethLavrsen - 02 Jan 2010
It is also in Release branch
--
KennethLavrsen - 09 Jan 2010
I am working on this.
I think it is related to how and who is authenticated when you reset the password.
--
KennethLavrsen - 09 Jan 2010
I think it is related to the way I test. I am often logged in as a user with admin rights and then test reset of password for a normal user. I think it happens when I am already authenticated as normal user. I think the session files belong to the logged in user and when I pass through the CSRF screen because I try it many times, then something fails.
This is not at all the normal use case. I downgrade this to low. I want to understand the root cause because it can still cover up a bug but it is for sure not a release blocker.
--
KennethLavrsen - 09 Jan 2010
Looked more. it is related to being authenticated first as someone else and even then it takes one more condition before it happens. Also in trunk.
So keeping this low is correct. Changing the summary line also. And it is not related to Allow login name.
--
KennethLavrsen - 10 Jan 2010
I have not seen this since I fixed the racing condition problem with .htaccess. I bet this was an example of that problem.
--
KennethLavrsen - 09 Aug 2010