• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

File: /lib/TWiki/Users/HtPasswdUser.pm Function: passwd [line 198]

ObjectMethod passwd( $user, $newPassU, $oldPassU ) -> $boolean

Implements TWiki::Users::Password

If the $oldPassU is undef, it will try to add the user, returning 0 if they are already there.


If the old password is not defined it means it's a new user and should be added. Therefore, a new encrypted password must be generated using $this->encrypt [line 110] and it's last argument (boolean) should be set 1 so it is a fresh.

It the old password IS defined, it means it wants to change the password, however it calls $this->encrypt with the last argument (boolean) set to 1 (true) which is incorrect.

A simple solution is to define a variable flag telling if it is a 'fresh' or not encryption.


No, that's not right. You don't want the encoding to remain the same. If a user changes their pass, the encoding should change, even if it is changed to the same password. So passing 1 to encrypt whenever a password is changed is correct, IMHO.

The tests actually check for this smile

CC

ItemTemplate
Summary HtPasswdUser::passwd function always calls encrypt as fresh
ReportedBy GabrielAraujo
Priority Normal
CurrentState No Action Required
WaitingFor

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2005-07-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback