Task #8852 (closed)
Opened 12 years ago
Closed 12 years ago
Bug: Retaining old password after change
Reported by: | saloynton | Owned by: | wmoore |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-4.4 |
Component: | WebAdmin | Version: | n.a. |
Keywords: | testing,phase1 | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-05-22 (15) |
Description
Go in and change default password “ome” to “ome123” - works fine - change accepted and saved. Go back in and try and change password back to “ome” and it says “New password same as Old password”. Persists in refusing to allow “ome” even after 2 changes. Only way to change back is to log out and then in as user and change it as user.
- Reported by Gus
- Mac 10.6.8/Firefox
- Web OMERO.web 4.3.3-2551-8216aff-ice33-b66
Attachments (3)
Change History (14)
comment:1 Changed 12 years ago by wmoore
- Owner changed from web-team@… to wmoore
comment:2 Changed 12 years ago by rkferguson
- Admin changing password of another user - user-2
- yes - "works fine" = change behaves as expected
- log out as admin (user-6) and log in as user-2 the account whose password was being changed by user-6
- user-2 can then return own password to original
comment:3 Changed 12 years ago by wmoore
Can't seem to reproduce any problem with Admin changing another user's password from ome -> ome123 and back again. Logging in as root on gretzky and changing user2's password.
If this is still not working for you, then I'm not understanding the problem. I'll come by the office for a demo.
comment:4 Changed 12 years ago by wmoore
- Resolution set to fixed
- Status changed from new to closed
This was actually due to the form trying to ensure that the user's password was different from the admin's.
Fixed in https://github.com/will-moore/openmicroscopy/commit/8e3e13fd4c6e6bb57c7a3c36abdcdb36c8b7b3f1
comment:5 Changed 12 years ago by Will Moore <will@…>
- Remaining Time set to 0
(In [8e3e13fd4c6e6bb57c7a3c36abdcdb36c8b7b3f1/ome.git] on branch develop) Remove check that Admin password different from user password. Closes #8852
This bug was caused by the fact that we are reusing the password form from the User Accounts page, where the
'old_password' field is their old password. When Admin uses the same form for changing user's password
the 'old_password' field is used for the Admin's password. This is OK if this is the same as the user's new password
comment:6 Changed 12 years ago by atarkowska
- Component changed from Web to WebAdmin
- Keywords testing phase1 added
comment:7 Changed 12 years ago by atarkowska
- Priority changed from minor to critical
comment:8 Changed 12 years ago by rkferguson
- Resolution fixed deleted
- Status changed from closed to reopened
Retest Failed.
Logged in as user-6. Used web admin to go to “edit user” - adm-user-5. Clicked on change user’s password. Changed from “ome” to “ome2”. Received red text flag indicating it was successful. Clicked change password again and tried to change it back to “ome”. Appeared to work, then received red text display under “Password:” label: “Bad password for user-6” - see screenshot.
Could not work out from this whether password had actually changed or not. Checked with login - it had not - it was still “ome2”. Tried to reproduce this with another user. When tried to change “ome” to “ome2” received same “Bad password for user-6” message (note - I had meanwhile changed adm-user-5 back to “ome” from Insight).
Tried reproducing with “ome3” and experienced same bug sequence as first time - so is reproducible.
Retested by Gus
Mac 10.6.8/Firefox
Web build 74
Changed 12 years ago by rkferguson
comment:9 Changed 12 years ago by wmoore
- Resolution set to invalid
- Status changed from reopened to closed
The first field in the password change dialog when you are an Admin (changing someone else's password) is for the Admin's password (see screen-shot above).
Since you never changed user-6's password in the above workflow, the first field in that dialog will always be 'ome'.
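The form reuse described in comment:5 and the first-field behaviour explained in comment:9, as an added Python model that is not OMERO.web's code and not part of the ticket. The function names, the `compare_with_old_field` flag and the account table are assumptions for illustration; the passwords and messages are the ones quoted in the ticket.

```python
# Added illustration: a simplified model of the dialog logic, not OMERO.web's code.
# Account names and passwords are constructed from values quoted in the ticket.

class ChangeRejected(Exception):
    pass

def change_password(accounts, caller, target, old_password, new_password,
                    compare_with_old_field):
    """Model one submit of the shared password form.

    old_password is always checked against the *caller's* password, so when an
    admin edits another user the field holds the admin's password.
    compare_with_old_field=True models the pre-fix form (hypothetical flag).
    """
    if accounts[caller] != old_password:
        raise ChangeRejected(f"Bad password for {caller}")
    # Pre-fix: comparison applied on both pages. Post-fix (assumed shape): only
    # when callers change their own password, where old_password is theirs.
    if (compare_with_old_field or caller == target) and new_password == old_password:
        raise ChangeRejected("New password same as Old password")
    accounts[target] = new_password

def attempt(accounts, *args, **kwargs):
    """Return 'accepted' or the rejection message instead of raising."""
    try:
        change_password(accounts, *args, **kwargs)
        return "accepted"
    except ChangeRejected as exc:
        return str(exc)

def replay(compare_with_old_field):
    """Replay the ticket's workflow: admin user-6 edits user-2."""
    accounts = {"user-6": "ome", "user-2": "ome"}  # constructed sample data
    flag = {"compare_with_old_field": compare_with_old_field}
    results = [
        # ome -> ome123, admin types own password in the first field
        attempt(accounts, "user-6", "user-2", "ome", "ome123", **flag),
        # back to ome: new value collides with the admin's password
        attempt(accounts, "user-6", "user-2", "ome", "ome", **flag),
        # comment:8 symptom: first field does not hold the admin's password
        attempt(accounts, "user-6", "user-2", "ome2", "ome3", **flag),
    ]
    return results, accounts["user-2"]

if __name__ == "__main__":
    print("pre-fix :", replay(True))
    print("post-fix:", replay(False))
```

The third attempt is rejected in both runs because the first field re-authenticates the admin; only the second attempt changes outcome once the comparison is scoped to self-service changes.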
Changed 12 years ago by rkferguson
comment:10 Changed 12 years ago by rkferguson
- Resolution invalid deleted
- Status changed from closed to reopened
Ah - I see where most of my confusion has arisen from. The error message “Bad password for user-6” is contextually different from the dialog I have just been using which calls me “Admin”.
Please can you make some changes to wording and other elements to try and improve the usability of this - on working it through with Scott we both found it very confusing.
I have attached a mock-up of what we would like the dialogs to look/read like:
- Please can the feedback be level with the button as shown.
- Please can they be sticky - not disappear after 5 seconds.
- Success message: “✔ New Password accepted” in green (the tick is a bonus if you can do it easily)
- Failure message: “✘ Change failed - Admin Password incorrect” in red (again X is bonus if you can do it easily)
- Red border on “Change User’s Password” button to indicate it has to be done again.
Thanks.
comment:11 Changed 12 years ago by wmoore
- Resolution set to duplicate
- Status changed from reopened to closed
I have created a new ticket for UI changes: #9026. Confusing to keep reusing this one.
Is this as an Admin changing the password of another user, or changing your own password under 'Account'?
When you say "works fine" does that mean that you can now log in using the 'ome123' password?
When you say "Log out and then in as user", do you mean log in to a different account, same account? If different, are you changing a different user's password? Or are you Admin, changing the original user's password?