View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000953 | Main CAcert Website | my account | public | 2011-06-21 22:40 | 2013-01-15 17:23 |
Reporter | INOPIAE | Assigned To | Uli60 | ||
Priority | low | Severity | minor | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Fixed in Version | 2011 Q3 | ||||
Summary | 0000953: After change of password change on account.php?id=14 does not meet requirements wrong redirect | ||||
Description | While testing bug 637 I found that when I change my password and the new password does not match the requirements, e.g. "aaaa", only the message that the password is not accepted is shown, but there are no fields to enter the new password. | ||||
Additional Information | Suggestion to redirect the answer onto account.php?id=14 | ||||
Tags | No tags attached. | ||||
Reviewed by | dastrath, NEOatNHNG | ||||
Test Instructions | |||||
|
Trying to reproduce the reported bug:
password login to cert.unknown@w...de
logged in
My Details - Change Password
Old Pwd: entering old password
New Pwd: aaaa
Retype: aaaa
Results in new page: "The Pass Phrase you submitted was too short."
Here "only" text: "Error" or "Password not changed" info is missing.
Logout - relogin with old, not changed password works.
So here there is no bug; the routine works as expected. |
|
The resulting text page is the last page of the change password routine. The password has not been changed and the "old" password is still active. So if the user wants another try for a password change, the user has to select the My Details - Change Password function again.
In general this is a design consideration. For a clear workflow schema:
1. the workflow starts with the trigger (My Details - Change Password)
2. the 2nd step is the change password form
3. dependent on the result of the change process, the last page is either a success message text or a failed change password message text page
4. finished
On failure the user has to trigger the function again. Using this workflow prevents a potential clash of a no longer working password. The password state is either
a) changed or
b) not changed
The only adjusted enhancement is a better worded text for
a) Failure -> Error, Warning or similar, e.g. Failure: Password not changed, 2nd line with details info, and
b) Success -> Success, e.g. Success: New Password has been set |
|
Only suggested text adjustments.
If modifications in text, its position is /includes/account.php l.1281 ff.
The password change routine is not a script to next script workflow procedure (eg id=14 -> oldid=14 -> next id=15); instead the pwchange handling refers to the central monster script /includes/account.php (117 Kb).
To prevent problems with the id workflow, the process should end with either success or failure. So the existing workflow should not be changed. |
|
|
|
/includes/account.php l.1281 ff. added "Success" or "Failure" lines to report result text page |
|
Reviewed and added modified version to test server. Needs testing and second review. |
|
My Details - Change Password
old pwd
new pwd aaaa
update passphrase
Failure: Password not Changed (strong, red on white)
The Pass Phrase you submitted was too short. (black on white)
=> ok

My Details - Change Password
old pwd
new pwd
update passphrase
Password Changed Successfully (strong, black on white)
Your Pass Phrase has been updated and your primary email account has been notified of the change. (black on white)
=> ok |
|
My Details - Change Password
old pwd
new pwd aaaa or 111111111111
update passphrase
Failure: Password not Changed (strong, red on white)
The Pass Phrase you submitted was too short. (black on white)
or
The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 1 points out of 6.
=> ok
Used different not allowed passwords. The behavior always was as designed.

My Details - Change Password
old pwd
new pwd
update passphrase
Password Changed Successfully (strong, black on white)
Your Pass Phrase has been updated and your primary email account has been notified of the change. (black on white)
=> ok |
|
needs review & deploy |
|
Changes are correct after changing Password to Pass Phrase |
|
reviewed by dirk and .. neo |
|
Mail sent to critical admins |
|
Patch applied to production system on August 3, 2011. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2011-08/msg00005.html |
|
More than 3 months fixed and no complaints
Date Modified | Username | Field | Change |
---|---|---|---|
2011-06-21 22:40 | INOPIAE | New Issue | |
2011-06-21 22:41 | INOPIAE | Relationship added | related to 0000637 |
2011-07-06 20:42 | Uli60 | Note Added: 0002095 | |
2011-07-06 20:53 | Uli60 | Note Added: 0002096 | |
2011-07-06 20:53 | Uli60 | Status | new => solved? |
2011-07-06 20:53 | Uli60 | Resolution | open => no change required |
2011-07-06 20:58 | Uli60 | Assigned To | => Uli60 |
2011-07-06 20:58 | Uli60 | Status | solved? => needs feedback |
2011-07-06 20:58 | Uli60 | Resolution | no change required => reopened |
2011-07-06 21:01 | Uli60 | Note Edited: 0002096 | |
2011-07-06 21:05 | Uli60 | Note Added: 0002098 | |
2011-07-06 21:05 | Uli60 | Priority | normal => low |
2011-07-06 21:05 | Uli60 | Status | needs feedback => needs work |
2011-07-06 21:05 | Uli60 | Resolution | reopened => no change required |
2011-07-06 21:19 | Uli60 | Note Edited: 0002098 | |
2011-07-06 21:32 | Uli60 | File Added: account.php | |
2011-07-06 21:35 | Uli60 | Note Added: 0002099 | |
2011-07-06 21:35 | Uli60 | Status | needs work => fix available |
2011-07-06 21:41 | Uli60 | Note Edited: 0002098 | |
2011-07-12 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel master f1178340 |
2011-07-12 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 5bb9baba |
2011-07-12 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel master d1b2d6f7 |
2011-07-12 22:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel master a759a1fa |
2011-07-12 22:11 | NEOatNHNG | Note Added: 0002118 | |
2011-07-12 22:11 | NEOatNHNG | Status | fix available => needs review & testing |
2011-07-12 22:11 | NEOatNHNG | Reviewed by | => NEOatNHNG |
2011-07-13 21:18 | Uli60 | Note Added: 0002128 | |
2011-07-23 05:22 | INOPIAE | Note Added: 0002181 | |
2011-08-02 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel master e96468cb |
2011-08-02 21:55 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 14276ff9 |
2011-08-02 22:09 | Uli60 | Note Added: 0002256 | |
2011-08-02 22:09 | Uli60 | Status | needs review & testing => needs review |
2011-08-02 22:20 | egal | Note Added: 0002260 | |
2011-08-02 22:34 | Uli60 | Note Added: 0002264 | |
2011-08-02 22:34 | Uli60 | Status | needs review => ready to deploy |
2011-08-02 22:34 | Uli60 | Note Edited: 0002264 | |
2011-08-02 22:35 | egal | Reviewed by | NEOatNHNG => dastrath, NEOatNHNG |
2011-08-02 23:04 | NEOatNHNG | Note Added: 0002270 | |
2011-08-03 10:18 | wytze | Note Added: 0002278 | |
2011-08-03 10:18 | wytze | Status | ready to deploy => solved? |
2011-11-20 01:05 | NEOatNHNG | Source_changeset_attached | => cacert-devel release ad68d81c |
2012-12-21 05:17 | Werner Dworak | Note Added: 0003520 | |
2012-12-21 05:17 | Werner Dworak | Status | solved? => closed |
2013-01-15 17:23 | Werner Dworak | Fixed in Version | => 2011 Q3 |