Openfire

Openfire does not honor option to stop password changes

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Blocker Blocker
  • Resolution: Fixed
  • Affects Version/s: 3.6.4
  • Fix Version/s: 3.7.0 beta
  • Component/s: Core
  • Acceptance Test - Add?:
    No
  • Description:

    Disabling password changes on the console has no effect. One can still send the IQ packet manually to change their password.

Activity

Ascending order - Click to sort in descending order
Gaston Dombiak made changes - 05/01/09 08:50 PM
Field Original Value New Value
Fix Version/s 3.6.4 [ 10840 ]
Fix Version/s 3.6.5 [ 10842 ]
Hide
Permalink
Daryl Herzmann added a comment - 06/16/09 10:38 PM

r11076

Show
Daryl Herzmann added a comment - 06/16/09 10:38 PM r11076
Daryl Herzmann made changes - 06/16/09 10:38 PM
Status Open [ 1 ] Closed [ 6 ]
Resolution Fixed [ 1 ]
Hide
Permalink
Gaston Dombiak added a comment - 08/05/09 04:56 PM

I think there is a misunderstanding here that lead to an incorrect fix. The system property "register.password" was being used to specify if users can change their password or not. The system property "xmpp.auth.iqauth" was being used to specify if the old IQ authentication method was available or if SASL should be used instead.

Having said that, the error was that the old IQ auth method also allowed to change password and not only authenticate people. AFAIK, the fix would be to modify IQAuthHandler#passwordReset so that it checks on the system property "register.password" to see if users can change their passwords.

Show
Gaston Dombiak added a comment - 08/05/09 04:56 PM I think there is a misunderstanding here that lead to an incorrect fix. The system property "register.password" was being used to specify if users can change their password or not. The system property "xmpp.auth.iqauth" was being used to specify if the old IQ authentication method was available or if SASL should be used instead. Having said that, the error was that the old IQ auth method also allowed to change password and not only authenticate people. AFAIK, the fix would be to modify IQAuthHandler#passwordReset so that it checks on the system property "register.password" to see if users can change their passwords.
Hide
Permalink
Daryl Herzmann added a comment - 08/05/09 05:00 PM

Hi Gato,

Thanks for the feedback. You wish for me to commit a patch correcting this or can you do it quick?

daryl

Show
Daryl Herzmann added a comment - 08/05/09 05:00 PM Hi Gato, Thanks for the feedback. You wish for me to commit a patch correcting this or can you do it quick? daryl
Hide
Permalink
Gaston Dombiak added a comment - 08/05/09 05:06 PM

I just checked in my version of the fix. Let me know if you are ok with it. Tks.

Show
Gaston Dombiak added a comment - 08/05/09 05:06 PM I just checked in my version of the fix. Let me know if you are ok with it. Tks.
Hide
Permalink
Daryl Herzmann added a comment - 08/05/09 05:10 PM

Hehe, I doubt I can challenge your changes! Thanks for the fix.

Show
Daryl Herzmann added a comment - 08/05/09 05:10 PM Hehe, I doubt I can challenge your changes! Thanks for the fix.
Daryl Herzmann made changes - 01/11/10 03:44 PM
Affects Version/s 3.6.3 [ 10833 ]
Fix Version/s 3.6.5 [ 10842 ]
Fix Version/s 3.6.5 [ 10854 ]
Component/s Core [ 10002 ]
Project Openfire (ARCHIVED) [ 10010 ] Openfire [ 10140 ]
Key JM-1532 OF-221
Daryl Herzmann made changes - 01/31/10 08:58 PM
Status Closed [ 6 ] Reopened [ 4 ]
Resolution Fixed [ 1 ]
Daryl Herzmann made changes - 01/31/10 08:58 PM
Component/s Core [ 10232 ]
Affects Version/s 3.6.4 [ 10870 ]
Daryl Herzmann made changes - 01/31/10 08:59 PM
Status Reopened [ 4 ] Closed [ 6 ]
Resolution Fixed [ 1 ]

People

Dates

  • Created:
    04/15/09 11:31 AM
    Updated:
    01/31/10 08:59 PM
    Resolved:
    01/31/10 08:59 PM
Atlassian JIRA (v4.1.2#531) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for igniterealtime.org. Try JIRA - bug tracking software for your team.