Challenge Set discriminates locale on "Forgotten Password"

aoktox / pwm

Automatically exported from code.google.com/p/pwm

0 stars 0 forks source link

Challenge Set discriminates locale on "Forgotten Password" #67

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. With a new user, fill in and save the forgotten password challenge set
2. Close and reopen the browser. Use the forgotten password feature for the 
same user of step 1. The challenge set works.
3. Change the browser locale.
4. Use the forgotten password feature for the same user of step 1. PWM replies 
there is no challenge set defined for the user. It happens because the 
challenge set is tagged with the locale in use when compiling it, and that 
locale value is checked against the browser locale when recovering password.

What is the expected output?
IMHO, PWM should not discriminate on challenge set locale when using the 
forgotten password feature.

What version of the product are you using?
1.5.3

Original issue reported on code.google.com by andrea.d...@gmail.com on 18 May 2011 at 12:35

GoogleCodeExporter commented 9 years ago

Intended behavior is that response set for whatever locale it was saved as will 
be displayed regardless of browser locale during forgotten password.  Will 
investigate

Original comment by jrivard on 18 May 2011 at 4:54

Changed state: Accepted

GoogleCodeExporter commented 9 years ago

Unable to reproduce on the latest code base.  If storing responses as locale 
"IT", then when I set browser to english and use forgotten password, im 
prompted with IT locale challenges.  I'm using LDAP to store responses.  Can 
you share your config file (with passwords removed).

Original comment by jrivard on 21 May 2011 at 10:41

GoogleCodeExporter commented 9 years ago

Sorry, I reported the wrong steps to reproduce the issue. Here they are the 
correct ones:

- start tomcat5 with "LANG=en_US" in /etc/opt/novell/tomcat5/tomcat5.conf
- create a new user on eDirectory vault (I am not using PWM in this step)
- log in to PWM default URL (i.e. http://site/pwm) with the new user, with a 
browser with locale set to "en-US"
- set and save the response set
- close the browser
- open the browser and log in to PWM with ?pwmLocale=it appended to the default 
URL (i.e. http://site/pwm?pwmLocale=it), with a browser with locale set to 
"en-US"
- click on the forgotten password link
- providing the username, you receive the "no configured response set" error

Actually, I am explicitly appending "?pwmLocale=it" to the URL as a workaround 
to the (already fixed) issue #60.

Original comment by andrea.d...@gmail.com on 23 May 2011 at 8:30

Attachments:

pwmResponseSet.txt

GoogleCodeExporter commented 9 years ago

Is this issue still occuring?  There have been a lot of changes to the locale 
handling in the latest builds.

Original comment by jrivard on 23 Sep 2011 at 1:04

Changed state: NeedInfo

GoogleCodeExporter commented 9 years ago

I'd really like to help, but I left the IT department three months ago and I
do not implement pwm anymore. I forward your request to my colleagues.

Original comment by andrea.d...@gmail.com on 23 Sep 2011 at 5:21

GoogleCodeExporter commented 9 years ago

Closing issue as reporter no longer able to respond.  Thanks for replying!

Original comment by jrivard on 13 Feb 2012 at 8:47

Changed state: WontFix

GoogleCodeExporter commented 9 years ago

I agree with you. I am sorry but as I already wrote, I changed career. Pwm
is still used within our organization tough. My best wishes for the
project.
Il giorno 13/feb/2012 21:47, <pwm@googlecode.com> ha scritto:

Original comment by andrea.d...@gmail.com on 13 Feb 2012 at 8:50