6.0.0-git
2019-03-18

[#12317] resetpassword doesn't reset password
Summary resetpassword doesn't reset password
Queue Horde Framework Packages
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester maciej.uhlig (at) us (dot) edu (dot) pl
Created 2013-06-07 (2110 days ago)
Due 06/07/2013 (2110 days ago)
Updated 2013-12-17 (1917 days ago)
Assigned
Resolved 2013-06-21 (2096 days ago)
Milestone
Patch No

History
2013-12-17 11:16:58 Git Commit Comment #9 Reply to this comment
Changes have been made in Git (master):

commit 83dabef5be48c3340cbebf7c0f1961dc08243d5c
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 15:10:20 2013 +0200

     Correctly catch unknown actions (Bug #12317).

  framework/Ldap/lib/Horde/Ldap.php           |    4 ++++
  framework/Ldap/package.xml                  |    2 ++
  framework/Ldap/test/Horde/Ldap/LdapTest.php |    7 +++++++
  3 files changed, 13 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/83dabef5be48c3340cbebf7c0f1961dc08243d5c
2013-12-17 11:16:54 Git Commit Comment #8 Reply to this comment
Changes have been made in Git (master):

commit e33a94cc33049718e5f5647d828f5290d404f4a8
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 14:59:37 2013 +0200

     Revert "Throw exception if passing invalid action (Bug #12317)."

     This is a logic error. Now we require *all* modification actions 
to be passed.

     This reverts commit 0fd35ec967a51b8ae0cda8ee0e0d1331d928bc79.

  framework/Ldap/lib/Horde/Ldap.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/e33a94cc33049718e5f5647d828f5290d404f4a8
2013-10-17 13:11:38 Git Commit Comment #7 Reply to this comment
Changes have been made in Git (master):

commit e35efcea7c790fe69d7d185a01a53e43ad22ba11
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 15:10:20 2013 +0200

     Correctly catch unknown actions (Bug #12317).

  framework/Ldap/lib/Horde/Ldap.php           |    4 ++++
  framework/Ldap/package.xml                  |    2 ++
  framework/Ldap/test/Horde/Ldap/LdapTest.php |    7 +++++++
  3 files changed, 13 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/e35efcea7c790fe69d7d185a01a53e43ad22ba11
2013-10-17 13:11:34 Git Commit Comment #6 Reply to this comment
Changes have been made in Git (master):

commit 7370effc3263ef7d3793091571a2fccfb8e6f53a
Author: Jan Schneider <jan@horde.org>
Date:   Thu Oct 17 14:59:37 2013 +0200

     Revert "Throw exception if passing invalid action (Bug #12317)."

     This is a logic error. Now we require *all* modification actions 
to be passed.

     This reverts commit 0fd35ec967a51b8ae0cda8ee0e0d1331d928bc79.

  framework/Ldap/lib/Horde/Ldap.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/7370effc3263ef7d3793091571a2fccfb8e6f53a
2013-06-21 09:52:13 Jan Schneider Version ⇒ Git master
Queue ⇒ Horde Framework Packages
 
2013-06-21 09:50:54 Jan Schneider Comment #5
Assigned to Jan Schneider
State ⇒ Resolved
Priority ⇒ 2. Medium
Reply to this comment
Thanks for the analysis!
2013-06-21 09:50:46 Git Commit Comment #4 Reply to this comment
Changes have been made in Git (master):

commit 90ba1861b4d38387959af227144a4e772c442cf3
Author: Jan Schneider <jan@horde.org>
Date:   Fri Jun 21 11:49:23 2013 +0200

     [jan] Fix resetting passwords with LDAP driver (Bug #12317).

  framework/Auth/lib/Horde/Auth/Ldap.php |    2 +-
  framework/Auth/package.xml             |    2 ++
  2 files changed, 3 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/90ba1861b4d38387959af227144a4e772c442cf3
2013-06-21 09:50:40 Git Commit Comment #3 Reply to this comment
Changes have been made in Git (master):

commit 0fd35ec967a51b8ae0cda8ee0e0d1331d928bc79
Author: Jan Schneider <jan@horde.org>
Date:   Fri Jun 21 11:48:31 2013 +0200

     Throw exception if passing invalid action (Bug #12317).

  framework/Ldap/lib/Horde/Ldap.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/0fd35ec967a51b8ae0cda8ee0e0d1331d928bc79
2013-06-21 07:27:38 maciej (dot) uhlig (at) us (dot) edu (dot) pl Comment #2 Reply to this comment
Solved: in /Horde/Auth/Ldap.php, in function resetPassword(); change line:

$this->_ldap->modify($dn, $entry);

to:

$this->_ldap->modify($dn, array('replace' => $entry));

That's it.
2013-06-07 07:16:07 maciej (dot) uhlig (at) us (dot) edu (dot) pl Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 3. High
Summary ⇒ resetpassword doesn't reset password
Due ⇒ 2013-06-07
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
Reply to this comment
Although resetpassword.php mails "Your password has been reset" the 
password is actually not changed. The reason is as follows:

\services\resetpassword.php calls
$password = $auth->resetPassword($info['username']);
there is no exception and success mail is sent, but...

\Horde\Auth\Ldap.php makes an argument for LDAP modify as:

$entry = array(
             'userpassword' => 
Horde_Auth::getCryptedPassword($password,........

and passes it to LDAP modify:

$this->_ldap->modify($dn, $entry);

there is no exception once more because:

\Horde\Ldap.php modify()

tell us: The $params argument is an array of actions and should be 
something like
      * this:

Obviously the passed parameter is not an array of actions - see debug file:

     public function modify($entry, $parms = array())
     {
Horde::debug($parms, "/tmp/horde_debug_parms");

horde-5 tmp # cat horde_debug_parms
2013-06-07T06:32:59+00:00 DEBUG: Variable information:
array(1) {
   'userpassword' =>
   string(38) "{SSHA}Jk4...6hAkuNdkD5Na5s...O632e4oLN"
}

Backtrace:
1. Horde_Core_Auth_Application->resetPassword() 
/data/var/www/webmail/services/resetpassword.php:74
2. Horde_Auth_Ldap->resetPassword() 
/usr/share/php/Horde/Core/Auth/Application.php:389
3. Horde_Ldap->modify() /usr/share/php/Horde/Auth/Ldap.php:432
4. Horde::debug() /usr/share/php/Horde/Ldap.php:684

horde-5 tmp #




Saved Queries