Posted to issues@archiva.apache.org by "Jeff Vincent (JIRA)" <ji...@codehaus.org> on 2012/10/10 23:33:36 UTC
[jira] (MRM-1690) User & password management broken
Jeff Vincent created MRM-1690:
---------------------------------
Summary: User & password management broken
Key: MRM-1690
URL: https://jira.codehaus.org/browse/MRM-1690
Project: Archiva
Issue Type: Bug
Components: Users/Security
Affects Versions: 1.4-M3
Environment: Archiva Server: Apache Tomcat 6
OS: CentOS 6.2
Client: Windows 7/Chrome (latest) and Firefox 15.0.1 and IE 9.0.10 (except IE hangs when loading the home page)
Reporter: Jeff Vincent
Priority: Critical
1) Can't create new users. Filling in the form and clicking save does nothing. The dialog stays open. (Attempted w/ Chrome&FF, couldn't get IE to open the home page)
2) I'm having problems setting the password for the admin user (possibly others, but I don't want to touch other accounts and I can't create new ones). The reset password process didn't send me an e-mail.
Initially after the upgrade from 1.4-M2, I had forgotten the 'admin' password and eventually got a prompt (not sure how) to change the password but it didn't seem to do anything.
I also tried clicking "Forgot Password" and it put a banner at the top of the page saying "Password reset", but it wasn't clear what that meant. I think maybe it was supposed to send an email. If so, maybe the message needs to say that.
However, I never got an e-mail.
I ended up copying the derby database files to my local system and using SQuirreL SQL client to open up and copy a known encrypted password value from another user.
After logging in using the copied password, I attempted to change the 'admin' password. I clicked "Edit Details" and entered my existing password and new password info. When I click "Ok", it appears to do nothing. The dialog stays open and no password is set.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MRM-1690) User & password management broken
Posted by "Jeff Vincent (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MRM-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Vincent closed MRM-1690.
-----------------------------
Resolution: Not A Bug
Fix Version/s: 1.4-M3
My bad. Due to the derbydb/ folder and files being owned by root:root instead of tomcat:tomcat, the changes wouldn't persist.
In addition, I had a bad value in security.properties:
security.policy.password.previous.count=0
causing a call to sublist(0,-1) to choke in DefaultUserSecurityPolicy.java:lines[327-329]
> User & password management broken
> ---------------------------------
>
> Key: MRM-1690
> URL: https://jira.codehaus.org/browse/MRM-1690
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.4-M3
> Environment: Archiva Server: Apache Tomcat 6
> OS: CentOS 6.2
> Client: Windows 7/Chrome (latest) and Firefox 15.0.1 and IE 9.0.10 (except IE hangs when loading the home page)
> Reporter: Jeff Vincent
> Priority: Critical
> Fix For: 1.4-M3
>
>
> 1) Can't create new users. Filling in the form and clicking save does nothing. The dialog stays open. (Attempted w/ Chrome&FF, couldn't get IE to open the home page)
> 2) I'm having problems setting the password for the admin user (possibly others, but I don't want to touch other accounts and I can't create new ones). The reset password process didn't send me an e-mail.
> Initially after the upgrade from 1.4-M2, I had forgotten the 'admin' password and eventually got a prompt (not sure how) to change the password but it didn't seem to do anything.
> I also tried clicking "Forgot Password" and it put a banner at the top of the page saying "Password reset", but it wasn't clear what that meant. I think maybe it was supposed to send an email. If so, maybe the message needs to say that.
> However, I never got an e-mail.
> I ended up copying the derby database files to my local system and using SQuirreL SQL client to open up and copy a known encrypted password value from another user.
> After logging in using the copied password, I attempted to change the 'admin' password. I clicked "Edit Details" and entered my existing password and new password info. When I click "Ok", it appears to do nothing. The dialog stays open and no password is set.
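Added example (not Archiva or Redback code, and not written by the reporter): a sketch of how a password-history trim fails when security.policy.password.previous.count=0, next to a guarded version. The class name, method names and the "count - 1" expression are assumptions chosen to reproduce the sublist(0,-1) call named in the resolution above; the history entries are constructed sample data.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

// Hypothetical illustration; none of these names come from the Archiva code base.
public class PasswordHistoryDemo {
    static final String KEY = "security.policy.password.previous.count";

    // Unguarded trim. "count - 1" is an assumed expression: with count == 0 it
    // evaluates subList(0, -1), which throws and aborts the password change.
    static List<String> trimUnguarded(List<String> history, int count) {
        return new ArrayList<>(history.subList(0, count - 1));
    }

    // Guarded trim: clamp the bound to [0, size]. Treating count <= 0 as
    // "keep no history" is a design assumption of this example.
    static List<String> trimGuarded(List<String> history, int count) {
        int keep = Math.max(0, Math.min(count, history.size()));
        return new ArrayList<>(history.subList(0, keep));
    }

    // Parse the setting once at startup so a bad value fails loudly there,
    // instead of surfacing later as a save dialog that silently does nothing.
    static int readCount(Properties props) {
        String raw = props.getProperty(KEY);
        if (raw == null) throw new IllegalStateException(KEY + " is not set");
        int count = Integer.parseInt(raw.trim());
        if (count < 0) throw new IllegalStateException(KEY + " must be >= 0, got " + count);
        return count;
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty(KEY, "0"); // the value quoted in the resolution
        int count = readCount(props);

        // Constructed sample data standing in for stored password hashes.
        List<String> history = Arrays.asList("hashA", "hashB", "hashC");

        try {
            trimUnguarded(history, count);
        } catch (RuntimeException e) {
            System.out.println("unguarded trim failed: " + e.getClass().getSimpleName());
        }
        System.out.println("guarded trim kept: " + trimGuarded(history, count));
    }
}
```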