[MAGNOLIA-4966] Can't login with RescueSecuritySupport: Passwords do not match Created: 10/Apr/13  Updated: 16/Apr/13  Resolved: 15/Apr/13

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 4.5.8
Fix Version/s: 4.5.9

Type: Bug Priority: Critical
Reporter: Lutz Hühnken Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Magnolia 4.5.8 Community Edition
Red Hat Enterprise Linux Server release 6.4 (Santiago)


Attachments: Text File stacktrace.txt    
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Changed magnolia.properties as described under
http://wiki.magnolia-cms.com/display/WIKI/Rescue+Security+Support

See attached log file for details.



 Comments   
Comment by Jan Haderka [ 10/Apr/13 ]

Unfortunatelly it seems like real bug.
I think the problem is in RescueSecuritySupport where it should create user object with the hash of the password rather then plain one since this is the only thing Magnolia usually knows about the user password.

The line 102 should look like

            User user = new RescueUser(UserManager.SYSTEM_USER, SecurityUtil.getBCrypt(UserManager.SYSTEM_PSWD));

instead of

            User user = new RescueUser(UserManager.SYSTEM_USER, UserManager.SYSTEM_PSWD);
Generated at Mon Feb 12 04:00:43 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.