View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000963 | Main CAcert Website | source code | public | 2011-07-26 21:25 | 2013-01-15 18:33 |
Reporter | Uli60 | Assigned To | NEOatNHNG | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2011 Q3 | ||||
Summary | 0000963: Logout Session not completely reset | ||||
Description | problem occurs e.g. weak password, reset password, good password, logout, login, reminder -> change your password | ||||
Steps To Reproduce | 1. state account: weak pwd 2. system message - change password 3. walk thru password change (is good and ok) 4. logout 5. login 6. system reminder -> change password as of weak password | ||||
Tags | No tags attached. | ||||
Reviewed by | Ted, NEOatNHNG | ||||
Test Instructions | |||||
|
(23:35:10) NEOatNHNG: $test = array('bla'=>'blubb', 'foo'=>'bar');
(23:35:10) NEOatNHNG: foreach($test as $key){
(23:35:10) NEOatNHNG: echo $key, ':', $test[$key];
(23:35:10) NEOatNHNG: }

fix

(23:37:28) NEOatNHNG: <?php
(23:37:28) NEOatNHNG: $test = array('bla'=>'blubb', 'foo'=>'bar');
(23:37:28) NEOatNHNG: foreach($test as $key => $value){
(23:37:28) NEOatNHNG: echo $key, ':', $test[$key];

/includes/loggedin.php line 140 |
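The foreach mistake from the chat excerpt above, applied to a logout-style session reset, as an added example that is not part of the original note and not CAcert's code. The session key names and the reset functions are assumptions made for illustration; the actual code at /includes/loggedin.php line 140 is not shown on this page.

```php
<?php
// Constructed session state; the key names are hypothetical, not CAcert's.
function sampleSession(): array
{
    return [
        'memid'    => 1234,
        'loggedin' => 1,
        'weakpw'   => 'change-required', // flag that sends the user to the password form
    ];
}

// Flawed reset: without "=> $value", $key receives each VALUE,
// so unset() targets $session[1234], $session[1], ... which do not exist.
function resetByValue(array $session): array
{
    foreach ($session as $key) {
        unset($session[$key]);
    }
    return $session;
}

// Corrected reset: $key is the array key, so every entry is removed.
function resetByKey(array $session): array
{
    foreach ($session as $key => $value) {
        unset($session[$key]);
    }
    return $session;
}

// Regression check for a logout handler: nothing may survive the reset.
function leftoverKeys(array $session): array
{
    return array_keys($session);
}

echo 'value loop leaves: ', implode(', ', leftoverKeys(resetByValue(sampleSession()))), "\n";
echo 'key loop leaves:   ', implode(', ', leftoverKeys(resetByKey(sampleSession()))), "\n";
```

Assigning `$_SESSION = array();` on logout avoids the per-key loop entirely.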
|
Regardless of which user subsequently logs in from the same browser, the password-set routine is *always* invoked. After closing and restarting the browser, the error no longer occurs! |
|
Checked in fix to git branch bug-963 |
|
Error still present, unchanged, although the bug status is "needs review & testing" |
|
create new account test.bug963@ (long pwd)
confirm account
logout
login to admin account
admin - find user - test.bug963@
set pwd: aaaa
logout
login test.bug963@
warning: plz change pwd
old (aaaa) and new pwd entered
Password Changed Successfully
Your Pass Phrase has been updated and your primary email account has been notified of the change.
logout
re-login test.bug963@ with new pwd
no error, no warning
=> ok
my details - change pwd
new passphrase -> aaaa
Error/Warning
Failure: Password not Changed
The Pass Phrase you submitted was too short.
=> ok
my details - change pwd
new passphrase -> FredS...
Error/Warning
Failure: Password not Changed
The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6.
=> ok
logout, login test.bug963@ and long pwd
=> ok, no error, no warning
seems to be ok
I cannot confirm https://bugs.cacert.org/view.php?id=963#c2204 |
|
Bug appears to be fixed now. Tested same as in https://bugs.cacert.org/view.php?id=963#c2204 Logged in with user with weak pwd who is sent to the pwd change form. Logged out without changing pwd, re-login with different user -> no password change request. Before bug fix the second user got the password change request at this point. |
|
Second test as described in bug report (see again below) was also tested successfully:
Test flow:
1. state account: weak pwd
2. system message - change password
3. walk thru password change (is good and ok)
4. logout
5. login
=> 6. system reminder -> change password as of weak password <=
No system reminder or the like appeared
=> Tested successfully |
|
Reviewed: good to go. Testers: please check that all places where one is logged out work properly |
|
review & deploy |
|
Mail sent to critical admins |
|
Patch applied to production system on August 3, 2011. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2011-08/msg00006.html |
|
More than 3 months fixed and no complaints
Date Modified | Username | Field | Change |
---|---|---|---|
2011-07-26 21:25 | Uli60 | New Issue | |
2011-07-26 21:26 | Uli60 | Relationship added | related to 0000637 |
2011-07-26 21:39 | Uli60 | Note Added: 0002201 | |
2011-07-26 21:40 | alex | Note Added: 0002202 | |
2011-07-26 21:40 | Uli60 | Note Edited: 0002201 | |
2011-07-26 21:42 | alex | Note Edited: 0002202 | |
2011-07-26 22:17 | Ted | Note Added: 0002203 | |
2011-07-26 22:17 | Ted | Assigned To | => Ted |
2011-07-26 22:17 | Ted | Status | new => needs review & testing |
2011-07-26 22:25 | Ted | Source_changeset_attached | => cacert-devel master a78613a5 |
2011-07-26 22:31 | alex | Note Added: 0002204 | |
2011-08-01 13:52 | Uli60 | Note Added: 0002234 | |
2011-08-02 20:45 | alex | Note Added: 0002248 | |
2011-08-02 21:18 | alex | Note Added: 0002251 | |
2011-08-02 21:30 | NEOatNHNG | Note Added: 0002254 | |
2011-08-02 21:30 | NEOatNHNG | Status | needs review & testing => needs testing |
2011-08-02 22:10 | Uli60 | Note Added: 0002257 | |
2011-08-02 22:10 | Uli60 | Assigned To | Ted => NEOatNHNG |
2011-08-02 22:10 | Uli60 | Status | needs testing => needs review |
2011-08-02 23:58 | NEOatNHNG | Note Added: 0002275 | |
2011-08-02 23:58 | NEOatNHNG | Status | needs review => ready to deploy |
2011-08-02 23:59 | NEOatNHNG | Reviewed by | => Ted, NEOatNHNG |
2011-08-03 10:19 | wytze | Note Added: 0002279 | |
2011-08-03 10:19 | wytze | Status | ready to deploy => solved? |
2011-08-03 10:19 | wytze | Resolution | open => fixed |
2011-08-05 14:38 | Uli60 | Relationship added | related to 0000908 |
2011-08-15 10:32 | Uli60 | Relationship added | related to 0000909 |
2011-11-23 09:20 | Uli60 | Relationship replaced | has duplicate 0000908 |
2012-12-21 05:20 | Werner Dworak | Note Added: 0003524 | |
2012-12-21 05:20 | Werner Dworak | Status | solved? => closed |
2013-01-15 17:37 | Werner Dworak | Product Version | => 2011 Q3 |
2013-01-15 18:33 | Werner Dworak | Product Version | 2011 Q3 => |
2013-01-15 18:33 | Werner Dworak | Fixed in Version | => 2011 Q3 |