sii / siptrackd


Cannot change admin user password #8

Closed stemid closed 5 years ago

stemid commented 6 years ago

In default install with local password manager I am unable to change the admin user password.

Traceback:

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptrackweb/views/helpers.py" in authwrapper
  54.                     return func(request, *args, **kwargs)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptrackweb/views/user.py" in reset_password_post
  321.     user.resetPassword(new_password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/user.py" in resetPassword
  219.         self.transport.resetPassword(self.oid, password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/user.py" in resetPassword
  21.         return self.send('reset_password', oid, password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/baserpc.py" in send
  9.                 *args)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/transport.py" in _sendCommand
  197.                 raise SiptrackError(faultstring)

Exception Type: SiptrackError at /user/password/reset/post/3/
Exception Value: 'tuple' object has no attribute 'isValidPassword'

The issue seems to be in siptrackd but this is the exception returned by siptrackweb.

stemid commented 6 years ago

This appears to be a design flaw here.

We're trying to reset a user's password by doing the following actions.

And the only input we have is the user's new password.

So once all subkeys are disconnected we run the piece of code I linked above and it fails because the input provided is just the user's new_password twice.

Instead of the proper input which should be the user's new_password and the password key password.

Resetting a user's password might work better if we:

  1. First create new sub keys for each existing sub key, I believe we could do that without providing a key password.
  2. Then remove all old sub keys, keeping track of which is which in the process.
  3. Then I think the best would be to log out the user.
  4. On login any pending sub keys will be connected by the user's login session.

Only speculation so far, I'm going to try it and see how it goes.

vipinlalcm commented 5 years ago

Yes, you are correct. The error is triggered from https://github.com/sii/siptrackd/blob/master/siptrackdlib/user.py#L690

As per the current code, while resetting the password, it should disconnect all subkeys and try to connect the subkeys with the new password instead of the old subkey and its actual password key's password.

However, as per my understanding, the current code does not allow this, because during the initial stage of development @sii designed this to reset all the subkeys and user password dependencies while resetting a user's password, since a user requires a password reset when he has forgotten the old password. Whereas if he knows the old password and still needs to change the password, he can use the UpdatePassword utility in the user interface. That works fine.

Also, the current web UI already gives a warning while resetting the password.

As @stemid has updated, it would work better if we could add subkeys without the password key's password. But that will go against the current system logic. We have to redesign the application's password creation functions totally to achieve that. We can do it later. But as a workaround we can change the code as mentioned in pull request #12, which will reset the password without any error. But the user has to log in with the new password and connect all the password keys manually.

stemid commented 5 years ago

Well the merge @lalusvipi did seems to have solved it so I'm closing this case.
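
An added illustration, not part of the thread and not siptrackd code: a simplified model of the behaviour discussed above, assuming (hypothetically) that each subkey is a password key's secret wrapped under the user's password. `wrap`, `unwrap`, `User` and the XOR/HMAC wrapping are constructed stand-ins for a real authenticated cipher; the model shows why updating a known password keeps subkeys, why a reset drops them, and why passing the new password twice cannot reconnect one.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    # 64 bytes: 32 for the keystream, 32 for the integrity tag
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)

def wrap(secret, password):
    """Wrap a 32-byte secret under a password (stdlib stand-in for a real AEAD)."""
    salt = os.urandom(16)
    k = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, k[:32]))
    return salt + ct + hmac.new(k[32:], ct, hashlib.sha256).digest()

def unwrap(blob, password):
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    k = _kdf(password, salt)
    if not hmac.compare_digest(tag, hmac.new(k[32:], ct, hashlib.sha256).digest()):
        raise ValueError("wrong password")
    return bytes(a ^ b for a, b in zip(ct, k[:32]))

class User:
    def __init__(self):
        self.subkeys = {}  # key name -> key secret wrapped under the user's password

    def connect(self, name, key_blob, key_password, user_password):
        # Connecting needs BOTH passwords: one to open the key, one to re-wrap it.
        self.subkeys[name] = wrap(unwrap(key_blob, key_password), user_password)

    def update_password(self, old, new):
        # Old password known: every subkey can be opened and re-wrapped.
        self.subkeys = {n: wrap(unwrap(b, old), new) for n, b in self.subkeys.items()}

    def reset_password(self):
        # Old password unknown: subkeys cannot be opened, so they are disconnected
        # and returned as the list the user must reconnect manually.
        dropped, self.subkeys = sorted(self.subkeys), {}
        return dropped

def demo():
    secret = os.urandom(32)                  # constructed sample key material
    key_blob = wrap(secret, "key-pass")      # password key, under its own password
    u = User()
    u.connect("default", key_blob, "key-pass", "old-pw")
    u.update_password("old-pw", "new-pw")
    kept = unwrap(u.subkeys["default"], "new-pw") == secret
    dropped = u.reset_password()
    try:
        u.connect("default", key_blob, "reset-pw", "reset-pw")  # new password twice
        twice_ok = True
    except ValueError:
        twice_ok = False
    u.connect("default", key_blob, "key-pass", "reset-pw")      # manual reconnect
    return kept, dropped, twice_ok, unwrap(u.subkeys["default"], "reset-pw") == secret
```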