[MAGNOLIA-1355] Changing the password of the current user does not allow activation Created: 07/Feb/07  Updated: 13/Mar/12  Resolved: 16/Dec/11

Status: Closed
Project: Magnolia
Component/s: activation, security
Affects Version/s: 3.0.1
Fix Version/s: 4.5

Type: Bug Priority: Major
Reporter: zam6ak Assignee: Jan Haderka
Resolution: Fixed Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Magnolia 3.0.1 Enterprise
JBoss AS 4.0.5GA


Issue Links:
dependency
depends upon MAGNOLIA-3904 Use public/private encryption to secu... Closed
relation
is related to MAGNOLIA-2055 Activation should report an error whe... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

1. Log in as superuser on author
2. Change the password for a superuser
3. Activate the superuser user (to propagate changes to public instance)
--> You get an JS alert error "Can't Activate...."

I guess because Magnolia uses current user to log in to the subscribers, when you change your password authentication on remote subscribers fails....
If that is the case, then there has to be a way to propagate the new password before the authentication occurs or use the old password, authenticate and then update subscribers...



 Comments   
Comment by Jan Haderka [ 29/Jul/08 ]
  • One way to fix this would be to ask user if (s)he wants to activate changes immediately while changing the password. At this moment we should be able to still use the old password while having new one stored already.
  • Other option would be to use workflow and let superuser to activate such changes on behalf of users ... wouldn't work for the superuser himself though.
Comment by Magnolia International [ 06/Nov/08 ]

The issue at large is probably that we actually pass real credentials in the request instead of some form of authorization key. (the current mechanism only works because we store the passwords in a decodable format in the repository)

Comment by Brad Kazazes [ 07/Dec/09 ]

I've discussed a tempory work around using the Observation module on the Wiki, http://wiki.magnolia-cms.com/display/WIKI/Auto+activation+of+user+details. It would be still good to find a more permanent solution however.

Comment by Eric Hechinger [ 13/Mar/12 ]

Tested with 4.5.1.

Generated at Mon Feb 12 03:26:07 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.