search

wifang / mollify

Automatically exported from code.google.com/p/mollify
0 stars 0 forks source link

Registration email includes user password #362

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
It would be great if you could add a password to the email address generated 
via registration, currently the javascript conversion to MD5 causes the 
password to be converted before it can be passed to the email template.

Original issue reported on code.google.com by spacer...@gmail.com on 1 Feb 2012 at 10:37

GoogleCodeExporter commented 9 years ago 
Not at all, it is just base64 encoded and is decoded before processed. Don't 
know why would you want to send password back to the user, but with the 
attached version you can use the parameter %password%.

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 7:21

Attachments:

GoogleCodeExporter commented 9 years ago 
It's mostly just for record keeping, thank you so much! (and I gave you some 
euros for this excellent project, buy yourself a beer!).

Original comment by spacer...@gmail.com on 3 Feb 2012 at 7:30

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
so I tried it out, and it looks like it's still encoded:

†ïyÎ7m·¶iïZi®\sá͡ovº

for a password I generated via the backend of mollify.

Original comment by spacer...@gmail.com on 3 Feb 2012 at 7:41

GoogleCodeExporter commented 9 years ago 
I tried it myself, and got plain password. Which version are you using? 
Password strategy was changed at some point, but it was quite a long time ago

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 7:43

GoogleCodeExporter commented 9 years ago 
I'm using mollify 1.8.5.3 ( upgraded just as you were posting 1.8.6 :P ) would 
upgrading fix it?

Original comment by spacer...@gmail.com on 3 Feb 2012 at 7:51

GoogleCodeExporter commented 9 years ago 
1.8.5.3 isn't that old, it should have the same password strategy.

Are we talking about the same thing? I was wondering what did you mean with 
"for a password I generated via the backend of mollify", because registration 
does not create passwords in backend, it uses the one user gives in the browser.

You are not talking about the lost password plugin?

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 7:57

GoogleCodeExporter commented 9 years ago 
Alright so I tested the actual registration page versus adding a person via the 
admin panel, and it looks like it MD5 encodes the password before it submits 
the pending registration when you do it via the admin screen, the registration 
page shows the password as plain text.

Original comment by spacer...@gmail.com on 3 Feb 2012 at 7:58

GoogleCodeExporter commented 9 years ago 
Oh yes, you meant the admin tool. You are right, it does md5 and it shouldn't. 
I'll fix that.

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 8:01

GoogleCodeExporter commented 9 years ago 
This fixes that one as well.

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 8:05

Attachments:

GoogleCodeExporter commented 9 years ago 
And registrations.js goes into the "backend/plugin/Registration/admin"

Original comment by samuli.j...@gmail.com on 3 Feb 2012 at 8:06

GoogleCodeExporter commented 9 years ago 
Thank you, you're the best!

Original comment by spacer...@gmail.com on 3 Feb 2012 at 8:06

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Nevermind about the previous statement, i had to reset my browser to get around 
the caching but it works now.

Original comment by spacer...@gmail.com on 3 Feb 2012 at 10:39

GoogleCodeExporter commented 9 years ago 
Fixed in 1.8.6.2

Original comment by samuli.j...@gmail.com on 24 Feb 2012 at 5:38