Ticket #8425 (closed Bug: fixed)

Opened 6 years ago

Last modified 5 years ago

Error when must_change_password set to true

Reported by: ctxlken Owned by: hexsprite
Priority: major Milestone: 3.3
Component: General Version:
Keywords: TuneUpOct24, greenbelt, login must_change_password authenticator Cc:

Description

The error below is returned when attempting to log in for the first time as a newly created user, if the must_change_password property has been added (as a Boolean) to the portal_memberdata tool and set to True.

The user is logged in, but depending upon your custom site skin, the user may have no indication that he/she is logged in, and the enforcement of a changed password is not successful, so this is a major issue as it affects site security.

This functionality worked without error on Plone 3.0.6 (presentation of login_change_password form, but I'm not sure it truly enforced the user to reset - if your site presents options to navigate away from that form, it's likely the user isn't forced to reset password.)

It is not working with Plone 3.1.4 (and potentially other 3.1.x releases.)

The Forbidden/authenticator error is also seen for this other ticket: #8066.

Traceback is below:

Traceback (innermost last):

  • Module ZPublisher.Publish, line 119, in publish
  • Module ZPublisher.mapply, line 88, in mapply
  • Module ZPublisher.Publish, line 42, in call_object
  • Module Products.CMFFormController.FSControllerPageTemplate, line 90, in call
  • Module Products.CMFFormController.BaseControllerPageTemplate, line 28, in _call
  • Module Products.CMFFormController.ControllerBase, line 231, in getNext
  • Module Products.CMFFormController.Actions.TraverseTo, line 38, in call
  • Module ZPublisher.mapply, line 88, in mapply
  • Module ZPublisher.Publish, line 42, in call_object
  • Module Products.CMFFormController.FSControllerPythonScript, line 104, in call
  • Module Products.CMFFormController.Script, line 145, in call
  • Module Products.CMFCore.FSPythonScript, line 140, in call
  • Module Shared.DC.Scripts.Bindings, line 313, in call
  • Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec
  • Module Products.CMFCore.FSPythonScript, line 196, in _exec
  • Module None, line 6, in login_change_password <FSControllerPythonScript at /p31test/login_change_password> Line 6
  • Module <string>, line 4, in _facade
  • Module plone.protect.utils, line 32, in _curried
  • Module plone.protect.authenticator, line 60, in check

Forbidden: Form authenticator is invalid.

Attachments

8425_must_change_password_fix.diff (3.3 KB) - added by hexsprite 5 years ago.
fix for #8425 (with tests)

Change History

comment:1 Changed 6 years ago by ctxlken

Also, ticket #6713 was reported on Plone 2.5, and I believe was fixed for 3.0, but seems to have resurfaced with 3.1.4 (some version since 3.0.6, where it was working.)

Ticket #6713 could potentially be closed if this more recent one is left open, or 6713 could remain open and have its milestone set to 2.5, since it may have been a similar, but not exactly the same error/cause.

comment:2 Changed 6 years ago by gabdavhp

  • Keywords TuneUpSept26, added

comment:3 Changed 6 years ago by gabdavhp

  • Keywords greenbelt, added

comment:4 Changed 6 years ago by kurt

  • Owner set to kurt
  • Status changed from new to assigned

comment:5 Changed 6 years ago by gabdavhp

  • Keywords TuneUpOct24, added; TuneUpSept26, removed

comment:6 Changed 5 years ago by hexsprite

  • Owner changed from kurt to hexsprite
  • Status changed from assigned to new

Confirmed in 3.2 trunk today.

Changed 5 years ago by hexsprite

fix for #8425 (with tests)

comment:7 Changed 5 years ago by hexsprite

  • Status changed from new to closed
  • Resolution set to fixed

(In [23020]) added missing authenticator for login_password.cpt, and some tests for must_change_password support. fixes #8425
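
The failure class fixed here (a form template that posts to a plone.protect-checked script without embedding the authenticator token) can be looked for in other skin templates. The following is an added example, not part of the ticket or of Plone's code: it assumes templates embed the token either through the `context/@@authenticator/authenticator` view call or as a literal `_authenticator` hidden field, and the two sample templates are constructed for illustration.

```python
import re
import sys

# Constructed sample templates (not the real Plone skin files).
BROKEN = """<form action="login_change_password" method="post">
  <input type="password" name="password" />
  <input type="submit" value="Change password" />
</form>"""

FIXED = """<form action="login_change_password" method="post">
  <input tal:replace="structure context/@@authenticator/authenticator" />
  <input type="password" name="password" />
  <input type="submit" value="Change password" />
</form>"""

FORM_RE = re.compile(r"<form\b(?P<attrs>[^>]*)>(?P<body>.*?)</form>", re.I | re.S)
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
# Assumption: either the token view call or a literal hidden field counts as "has token".
TOKEN_RE = re.compile(r"@@authenticator|name\s*=\s*[\"']_authenticator[\"']", re.I)


def forms_missing_authenticator(template_text):
    """Return the action of every POST form that carries no authenticator token."""
    missing = []
    for m in FORM_RE.finditer(template_text):
        attrs = {k.lower(): (dq or sq) for k, dq, sq in ATTR_RE.findall(m.group("attrs"))}
        if attrs.get("method", "get").lower() != "post":
            continue  # only POST forms are checked here
        if not TOKEN_RE.search(m.group("body")):
            # Fall back to the TAL expression when the action is computed at render time.
            missing.append(attrs.get("action") or attrs.get("tal:attributes", "<dynamic action>"))
    return missing


if __name__ == "__main__":
    # Usage: pass template paths (e.g. *.cpt, *.pt) on the command line.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for action in forms_missing_authenticator(fh.read()):
                print(f"{path}: POST form to {action!r} has no authenticator")
```

A hit is only a candidate: it matters when the target script or view actually enforces the authenticator check, which is what produced the Forbidden error in the traceback above.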

comment:8 Changed 5 years ago by hannosch

  • Component changed from Login and registration to Infrastructure

comment:9 Changed 5 years ago by hannosch

  • Milestone changed from 3.x to 3.3

comment:10 Changed 22 months ago by davisagli

  • Component changed from Infrastructure to General