search

mozilla / vinz-clortho

INACTIVE - http://mzl.la/ghe-archive - BrowserID Keymaster for LDAP enabled Identity Providers
16 stars 21 forks source link

Mozilla IdP - beta.123done.org does not ask for password after changing it #113

Closed shane-tomlinson closed 10 years ago

shane-tomlinson commented 10 years ago

From @csuciu in mozilla/browserid#3787

Env beta.123done.org Win 7 & IE FF 22 release Win 7 & IE 10

Steps:

  1. Sign in with username@test-moz-idp.com
  2. Provide the password when asked
  3. Logout
  4. Login again with username@test-moz-idp.com - password is not requested
  5. Go to https://ldap.mozilla.org/passwordreset/ and change the password for username@test-moz-idp.com
  6. Wait for a while (I waited up to 30 minutes)
  7. Sign in again with username@test-moz-idp.com

Expected: User should be asked to enter the new password

Actual: The account is logged in without asking for password

mostlygeek commented 10 years ago

OK. I'll take a look at this.

csuciu commented 10 years ago

Re-tested today and these are my findings:

After changing the password, at first attempt to sign in again with the LDAP account I get this error message (third-party cookies are enabled)

"Error: login.mozilla.org cookies blocked You need third-party cookies enabled."

After dismissing this message, I can sign in with the new password. . This happens on all browsers.

ozten commented 10 years ago

This should be fixed, @karlht can you verify? Thanks

karlht commented 10 years ago

This is fixed on latest stage.