View Issue Details

IDProjectCategoryView StatusLast Update
0012998mantisbtauthenticationpublic2014-09-23 18:05
Reportertino Assigned Todhx  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
OSUbuntuOS Version10.4.2 
Product Version1.2.5 
Target Version1.2.6Fixed in Version1.2.6 
Summary0012998: Reset Button with HTTP_AUTH authentication
Description

Hello,

related to the Committed Patch at Bug ID 12534:
the Reset button is available by using HTTP_AUTH but the password can not reset be Mantis. I recommend to use the existing function "auth_can_change_password" by replacing at manage_user_edit_page.php Line 181:

  • <?php if( !$t_ldap ) { ?>
  • <?php if ( helper_call_custom_function( 'auth_can_change_password', array() ) ) { ?>
    This function is also used at account_page.php.

If this is not working, please check to Bug ID 12997.

Regards Tino

Steps To Reproduce

Configure HTTP_AUTH - authentication and you'll see the "reset password" button in the user management page (manage_user_edit_page.php). But Mantis is not able to change the password.

Tagspatch

Relationships

related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
related to 0012534 closeddhx When using LDAP, the "Reset Password" function should be disabled 
related to 0013690 closeddregad When using LDAP, administrator can't reset "failed_login_count" any more 

Activities

dhx

dhx

2011-07-12 05:38

reporter   ~0029141

Thanks Tino, I've committed the patch.

grangeway

grangeway

2013-04-05 17:57

reporter   ~0036393

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master aa48e0c7

2011-07-12 05:34

dhx


Details Diff
Fix 0012998: Password reset button should be hidden for HTTP_AUTH method

If MantisBT is configured with the HTTP_AUTH method for user
authentication, passwords cannot be reset by MantisBT. The passwords are
managed externally to MantisBT in this instance.

Therefore do not offer managers the ability to reset passwords when
HTTP_AUTH is set as the authentication mechanism.

Thanks to Tino Böhme for reporting this issue and providing a patch.
Affected Issues
0012998
mod - manage_user_edit_page.php Diff File
mod - manage_user_reset.php Diff File

MantisBT: master-1.2.x 3eaa71f7

2011-07-12 05:34

dhx


Details Diff
Fix 0012998: Password reset button should be hidden for HTTP_AUTH method

If MantisBT is configured with the HTTP_AUTH method for user
authentication, passwords cannot be reset by MantisBT. The passwords are
managed externally to MantisBT in this instance.

Therefore do not offer managers the ability to reset passwords when
HTTP_AUTH is set as the authentication mechanism.

Thanks to Tino Böhme for reporting this issue and providing a patch.
Affected Issues
0012998
mod - manage_user_reset.php Diff File
mod - manage_user_edit_page.php Diff File