Ticket #558 (closed defect: Fixed)

Opened 2 years ago

Last modified 3 months ago

change user password doesn't fully log you out (but it should)

Reported by: edahl
Owned by: edahl
Priority: 1 - Blocker
Milestone: zenoss-1.0
Component: All
Version: 0.23.0
Keywords: review
Cc: jstevens, oubiwann, edahl
Community Patch Attached:
Deployed @ Customer:
Installer:
Maintenance Target:
Specific ZenPack:
Maintenance Status:
Documentation Note?: Not required
Regression:

Description


Change History

Changed 2 years ago by oubiwann

  • cc oubiwann added
  • status changed from new to assigned
  • owner changed from oubiwan to oubiwann

Changed 2 years ago by oubiwann

I think we need to force a page refresh after a user changes password...

Changed 2 years ago by oubiwann

Never mind -- I see the call to acl_users._doChangeUser() now.

The problem probably comes from using the "private" method _doChangeUser(). I'll see if there's a more complete method that uses the PAS machinery to process a user/password change.

Changed 2 years ago by oubiwann

The plot thickens...

I originally used the PAS machinery for UserSettings.manage_editUserSettings(), but not for UserSettingsManager.manage_changeUser().

But... I'm not sure that what I did in UserSettings is good, at least, not in the order that it is currently done. If the code works as expected, the user's password will be updated, their credentials will be reset, they will be logged out, and the rest of the method will not run.

Some notes:

  • It seems that UserSettings.manage_editUserSettings() is only used in skins/zenmodel/editUserSettings.pt
  • I cannot find any code in Zenoss that uses UserSettingsManager.manage_changeUser -- am I missing something?

If this is true, then my assessment from the previous comment is incorrect: we are using the PAS machinery and need to do something else in addition. Possibly resetting credentials upon password change.

Changed 2 years ago by oubiwann

  • cc edahl added

Erik, there is another issue with the user management page, and a solution to that could fix the changed password issue.

If I am logged in as a user with a manager role, I see the "assign roles" widget. If I change the roles to be non-manager, the data saves and the page is refreshed, but with the "assign roles" widget still visible.

Not until the next page load does the widget go away, when it should go away after the role is changed.

Changed 2 years ago by oubiwann

  • keywords review added
  • owner changed from oubiwann to edahl
  • status changed from assigned to new

I'm going to open a new ticket for the last comment I posted.

This ticket can be closed now. Here's what I did:

  • Moved the password-changing code to the end of the manage_editUserSettings() method (it turned out that the changes weren't getting saved if the password also changed).
  • Added a logout() call right after a password change.

Tests confirmed that after a password change, a user is redirected to the login form.
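
The ordering described in the fix above, as an added example that is not part of the ticket and is not Zenoss or PAS code: ordinary settings are saved first, the password is changed last, and the user is logged out immediately afterwards. The `Accounts` class, its method names and its return values are hypothetical, and dropping every session of the user (not only the requesting one) is an assumption that goes beyond the single logout() call mentioned in the comment.

```python
import hashlib
import hmac
import os
import secrets


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """Constructed in-memory user and session store (hypothetical, not Zenoss/PAS)."""

    def __init__(self):
        self.users = {}     # user id -> {"salt", "hash", "settings"}
        self.sessions = {}  # session token -> user id

    def add_user(self, uid, password):
        salt = os.urandom(16)
        self.users[uid] = {"salt": salt, "hash": _hash(password, salt), "settings": {}}

    def login(self, uid, password):
        user = self.users[uid]
        if not hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.sessions[token] = uid
        return token

    def logout_everywhere(self, uid):
        # Invalidate every session of the user, not only the requesting one.
        self.sessions = {t: u for t, u in self.sessions.items() if u != uid}

    def edit_user_settings(self, token, settings, new_password=None):
        uid = self.sessions.get(token)
        if uid is None:
            raise PermissionError("not logged in")
        user = self.users[uid]
        # 1. Persist the ordinary settings first, while the session is still valid.
        user["settings"].update(settings)
        # 2. Change the password last, so nothing after it depends on the session.
        if new_password:
            user["salt"] = os.urandom(16)
            user["hash"] = _hash(new_password, user["salt"])
            # 3. Log out right after the change; the caller must re-authenticate.
            self.logout_everywhere(uid)
            return "login_form"
        return "settings_page"
```
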

Changed 2 years ago by edahl

  • status changed from new to closed
  • resolution set to fixed

Looks good to me.

Changed 3 months ago by bbibeault

  • documentation set to Not required
  • reviewed set to 1