5.1 build 5110 Non-admin users password change not working

Post your Server Bug Report

5.1 build 5110 Non-admin users password change not working

Unread postby thebagleguy » 21 Sep 2014, 07:45

on fresh installs of the server (x64) on windows and debian users that change there passwords and go to log back in does nothing with both the old password and the new one it has been changed to by nothing i mean not even a login error message
thebagleguy
 
Posts: 2
Joined: 29 Jul 2014, 14:47
Has thanked: 0 time
Been thanked: 0 time

Re: AW: 5.1 build 5110 Non-admin users password change not w

Unread postby Madevil » 21 Sep 2014, 11:32

Hi there,

This is tested and shouldn't happen.
Try to cleanup browser cache, cookies and saved form data and passwords.

I have seen this on my testlab with Google chrome.

Best regards
User avatar
Madevil
Administrator
Administrator
 
Posts: 913
Joined: 07 Dec 2012, 03:58
Has thanked: 1333 times
Been thanked: 952 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby thebagleguy » 22 Sep 2014, 07:44

did some looking at the db and seems to be encoding the password and saving it to the database with the old hex encoding scheme and have tried this from various computers and from IE Firefox and chrome
thebagleguy
 
Posts: 2
Joined: 29 Jul 2014, 14:47
Has thanked: 0 time
Been thanked: 0 time

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby pr0tagonist » 28 Sep 2014, 07:30

Have the same issue with build 5080 and Win Server 2008 x64. Wheh non-admin users change password it doesn't work. I looked in db and saw that hash of this passwords became very short. It aslo happens when used password reset through "Forgotten your password?". I also tried using clean Internet Explorer instead Chrome, but result was the same. Then I installed 5150 and tried again with different browsers but nothing changed except "Wrong username or password" now appears.
pr0tagonist
 
Posts: 6
Joined: 27 May 2014, 13:42
Has thanked: 0 time
Been thanked: 4 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby tofuSCHNITZEL » 09 Oct 2014, 15:54

problem still exists even on 5.1.5150. doesn't matter which browser I use. A user can never login after a password change. looking in the DB I see the password is only 6 digits long.
tofuSCHNITZEL
 
Posts: 9
Joined: 25 Oct 2013, 12:07
Has thanked: 1 time
Been thanked: 1 time

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby jaszladie » 21 Oct 2014, 19:22

I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.

Code: Select all
[10/21/14 2:20 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:20 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:20 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:20 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user .....
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...
[10/21/14 2:19 PM]   INFO   RESTRequestParameterProcessingFilter   Authentication failed for user ...


Version
MADSONIC 5.1.5150.20140927.0919
MADSONIC REST API v1.12.0

Windows 7 64-bit

This did not occur for me until 5.1.5150.
jaszladie
 
Posts: 15
Joined: 31 Oct 2013, 17:16
Has thanked: 22 times
Been thanked: 2 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby neodawg » 14 Nov 2014, 21:43

Seeing this same error on my Server 2008r2 server running tomcat.

Code: Select all
Exception java.lang.NullPointerException
Message null
Java version Oracle Corporation 1.7.0_17
Operating system Windows Server 2008 R2 6.1
Server Apache Tomcat/6.0.37
Memory Used 119 of 225 MB
Stack trace java.lang.NullPointerException at   


I cant post much of the stack because the forums complain my post is too 'spammy'

That is the error given to the clients browser when entering a username

EDIT: realize this is probably the wrong spot for this now.
I am also running the current stable version, 5.1.5200
neodawg
 
Posts: 9
Joined: 11 Jan 2013, 06:32
Has thanked: 1 time
Been thanked: 3 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread postby pabohoney1 » 22 Nov 2014, 20:43

jaszladie wrote:I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.


I can replicate this as well. Setting the password for the user when logged in as 'admin' works. Setting the password while logged in as the regular user does NOT work and neither does the password from using the "Forgotten your password?" link.

Looking at madsonic.scripts, I noticed the following:

After password reset tool, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

After setting password in admin panel, password: DP1FDM8cV2Hv
INSERT INTO USER VALUES('test','enc:36646232633338643564623535323037333534653966363561313630313936353165333234333634',0,0,0,FALSE,'emailaddress',0,FALSE,'Test ')

After setting password in user account, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

The user email address was set correctly, but I couldn't post it here. It looks as though using the password reset link or setting it in the user account encodes the password using an old method.
pabohoney1
 
Posts: 2
Joined: 22 May 2013, 15:58
Has thanked: 0 time
Been thanked: 0 time


Return to Bug Reports 5.x

Who is online

Users browsing this forum: No registered users and 1 guest