rbucchi / pwm

Automatically exported from code.google.com/p/pwm
0 stars 1 forks source link

Forgotten password #694

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Forgotten password -> input user id and email address -> search
2. Email send to user's email and input the verification code
3. Prompt for input new password and confirm new password
4. click change password

What is the expected output? What do you see instead?
Expected output => password change success
What do you see instead => 5001 ERROR_WRONGPASSWORD (cannot set password for 
user, old password is not available)

What version of PWM are you using?
1.7.1

What ldap directory and version are you using?
Oracle Directory Server 7

Please paste any error log messages below:
2015-06-02 15:03:00, TRACE, rest.RestCheckPasswordServer, {1,z08993} real-time 
password validator called for uid=z08993 [10.108.42.36]
  process time: 4ms
  passwordCheckInfo string: {"version":2,"strength":46,"match":"MATCH","message":"New password accepted, please click change password","passed":true,"errorCode":0}
2015-06-02 15:03:02, TRACE, util.PwmPasswordRuleValidator, calling chai 
directory password validation checker
2015-06-02 15:03:02, TRACE, servlet.ChangePasswordServlet, {1,z08993} wrote 
password to changePasswordBean [10.108.42.36]
2015-06-02 15:03:02, TRACE, util.MacroMachine, replaced Macro @User:ID@ with 
value: z08993
2015-06-02 15:03:02, DEBUG, server.RestServerHelper, {1,z08993} REST WebService 
Request: GET request for: /pwm/public/rest/app-data/client (no params)  
[10.108.42.36]
2015-06-02 15:03:02, TRACE, servlet.ChangePasswordServlet, {1,z08993} retrieved 
password from server session [10.108.42.36]
2015-06-02 15:03:02, TRACE, util.PwmPasswordRuleValidator, calling chai 
directory password validation checker
2015-06-02 15:03:02, DEBUG, servlet.ChangePasswordServlet, 5001 
ERROR_WRONGPASSWORD (cannot set password for user, old password is not 
available)

NOTE: I saw the code in PasswordUtility.setUserPassword and found the following 
code. Debugging get oldPassword = null. Don't know if I am missing some 
configuration.

       // retrieve the user's old password from the userInfoBean in the session
        final String oldPassword = pwmSession.getUserInfoBean().getUserCurrentPassword();

        boolean setPasswordWithoutOld = false;
        if (oldPassword == null || oldPassword.length() < 1) {
            if (pwmApplication.getProxyChaiProvider().getDirectoryVendor() == ChaiProvider.DIRECTORY_VENDOR.MICROSOFT_ACTIVE_DIRECTORY) {
                setPasswordWithoutOld = true;
            }
        }

Original issue reported on code.google.com by jimm...@gmail.com on 2 Jun 2015 at 7:12

GoogleCodeExporter commented 9 years ago
       // retrieve the user's old password from the userInfoBean in the session
        final String oldPassword = pwmSession.getUserInfoBean().getUserCurrentPassword();

        boolean setPasswordWithoutOld = false;
        if (oldPassword == null || oldPassword.length() < 1) {
            if (pwmApplication.getProxyChaiProvider().getDirectoryVendor() == ChaiProvider.DIRECTORY_VENDOR.MICROSOFT_ACTIVE_DIRECTORY) {
                setPasswordWithoutOld = true;
            }
        }

        if (!setPasswordWithoutOld) {
            // Check to make sure we actually have an old password
            if (oldPassword == null || oldPassword.length() < 1) {
                final String errorMsg = "cannot set password for user, old password is not available";
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }

Original comment by jimm...@gmail.com on 2 Jun 2015 at 7:27