6.0.0-git
2019-04-24

[#10433] Successful password change leads to infinite loading of site
Summary Successful password change leads to infinite loading of site
Queue Passwd
Queue Version Git master
Type Bug
State Duplicate
Priority 1. Low
Owners
Requester stephan (at) admin (dot) nabira (dot) de
Created 2011-08-17 (2807 days ago)
Due
Updated 2011-09-14 (2779 days ago)
Assigned
Resolved 2011-08-17 (2807 days ago)
Milestone
Patch No

History
2011-09-14 08:50:12 Jan Schneider Deleted Original Message
 
2011-09-14 08:50:03 Jan Schneider Deleted Original Message
 
2011-08-17 12:04:57 stephan (at) admin (dot) nabira (dot) de Comment #9 Reply to this comment
Not to offend you in any way but the diff file is empty.
Whatever happened to the file I do not know, but I will try another upload.
And again the file is empty after upload. Something is wrong here. I 
will try uploading a zipped version.
And again. A zero byte file. This makes no sense.
I will copy and paste the contents of the diff-file.

---------------------------- passwd/lib/Passwd.php 
----------------------------
index 05612a8..71e612f 100644
@@ -105,6 +105,13 @@ class Passwd {
      {
          if ($GLOBALS['registry']->getAuthCredential('password') == 
$old_password) {
              $GLOBALS['registry']->setAuthCredential('password', 
$new_password);
+
+                        // Generate an authenticateFailure to force a logout after 
successful password change.
+                        // This is a workaround until Horde Framework supports propagation 
of credential changes to applications
+                        $GLOBALS['registry']->authenticateFailure('horde' ,
+                        new Horde_Auth_Exception(
+                                'Ihr Passwort wurde erfolgreich geƤndert. Bitte melden Sie sich neu an.',
+                                Horde_Registry::PERMISSION_DENIED) );
          }
      }

2011-08-17 12:02:36 stephan (at) admin (dot) nabira (dot) de Comment #8
New Attachment: Passwd.php.zip
Reply to this comment
Not to offend you in any way but the diff file is empty.
Whatever happened to the file I do not know, but I will try another upload.
And again the file is empty after upload. Something is wrong here. I 
will try uploading a zipped version.
2011-08-17 11:59:09 stephan (at) admin (dot) nabira (dot) de Comment #7
New Attachment: Passwd.php[1].diff
Reply to this comment
Not to offend you in any way but the diff file is empty.
Whatever happened to the file I do not know, but I will try another upload.
You should have mentioned it is about imp application auth. Other 
backends are working without problems so unconditional logout is no 
good option for these cases.
Ehm, no. It is about Horde auth using IMAP driver. I am not using imp 
directly as authenticator,  although Horde may do that internally, 
which I do not know.

My config regarding this is:

horde4/config/conf.php:
...
$conf['auth']['params']['hostspec'] = 'mail.hostname.de';
$conf['auth']['params']['port'] = 143;
$conf['auth']['params']['secure'] = 'tls';
$conf['auth']['driver'] = 'imap';
...

horde4/imp/config/backends.php:
...
$servers['imap'] = array(
     'disabled' => false,
     'name' => 'IMAP Server',
     'hostspec' => 'mail.hostname.de',
     'hordeauth' => false,
     'protocol' => 'imap',
     'port' => 143,
     'secure' => 'tls',
     'maildomain' => '',
     'cache' => false,
);
What passwd backend is used here?
MySQL. I write to the same DB the IMAP-Server uses as authentication 
database. I have tried authenticating against the DB directly but 
regarding this problem there is no change in behaviour.

2011-08-17 09:57:38 Ralf Lang (B1 Systems GmbH) Comment #6 Reply to this comment
This is no genuie duplicate since it provides a workaround until the 
"duplicated" bug is solved. If your policy sees this another way 
please merge the tickets if you like.

Jan, your words on the horde mailing list on 27.07.2011 20:24 where:
"Why don't you open a ticket and upload a patch? Thanks."

So I did.
Hi kareem,
Not to offend you in any way but the diff file is empty.
You should have mentioned it is about imp application auth. Other 
backends are working without problems so unconditional logout is no 
good option for these cases.

What passwd backend is used here?
2011-08-17 09:36:23 stephan (at) admin (dot) nabira (dot) de Comment #5 Reply to this comment
This is no genuie duplicate since it provides a workaround until the 
"duplicated" bug is solved. If your policy sees this another way 
please merge the tickets if you like.

Jan, your words on the horde mailing list on 27.07.2011 20:24 where:
"Why don't you open a ticket and upload a patch? Thanks."

So I did.
2011-08-17 09:28:36 stephan (at) admin (dot) nabira (dot) de Comment #4
New Attachment: Passwd.php.diff Download
Reply to this comment
I tried to solve this with the help of Jan on the horde mailing list.

I just have no idea how to correctly submit this patch. The 
information on http://www.horde.org/development/git#createcommit is 
not verbose enough for a git newbe. I did my best and hope it is 
alright.

Please inform me what I can do better next time.
2011-08-17 09:23:11 Jan Schneider Comment #3
State ⇒ Duplicate
Priority ⇒ 1. Low
Reply to this comment
2011-08-17 09:12:39 Ralf Lang (B1 Systems GmbH) Comment #2 Reply to this comment

[Show Quoted Text - 12 lines]
This doesn't happen for me with sql auth and ldap auth. Can you 
provide more Info?

Which passwd backend are you using? (passwd/config/backends.local.php)
Which Driver is used for Horde_Auth? (horde/config/conf.php)


2011-08-17 09:08:20 stephan (at) admin (dot) nabira (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Summary ⇒ Successful password change leads to infinite loading of site
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ No
Reply to this comment
After successful password change any action in Horde makes the browser 
infinitly try to load the page. Even logout results in this behavior. 
The same
with a page reload or manually entering the url.

Only after completly closing the browser and reopening it shows the
login screen again. Using the new password I can log in again.

No possibility to reset credentials in applications is provided by the 
Horde Framework (Enhancement #10228), so as a workaround passwd needs 
to log out the user at the moment.

Saved Queries