[SAC] [OSGeo] #1804: password reset resets wrong password if a user has >1 account on an email address

Committees SAC mailing list
1

#1804: password reset resets wrong password if a user has >1 account on an email
address
---------------------------+-------------------
Reporter: rduivenvoorde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
Somebody (well I'm not aware it was myself) created a (now removed) user
'test' in ldap, and used my email address with it, which already is used
in my personal user account...

BUT trying to reset the 'test' user, my own account's password was
actually rest as shown in the email:
The temporary password for the OSGeo Userid "rduivenvoorde" is "****".

So we cannot even rest the test-user password.

I think it should not be possible to add a user with an already
available/used email address?

OR the reset form should work on account name and not with email address?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1804&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

2

#1804: password reset resets wrong password if a user has >1 account on an email
address
---------------------------+--------------------
Reporter: rduivenvoorde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by rduivenvoorde):

from irc: <strk> but I suspect it is possible to register as "test" and
then change email to (say) yours w/out the "change email" script checking
for other users having that same email (this would be something to fix)...

So both *creating* new users/emails, and *changing* users/emails should be
checked...

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1804#comment:1&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.

3

#1804: password reset resets wrong password if a user has >1 account on an email
address
---------------------------+--------------------
Reporter: rduivenvoorde | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------
Changes (by rduivenvoorde):

* Attachment "osgeoldap.png" added.

Error when trying to reset password plus link in red bar plus result

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1804&gt;
OSGeo <http://www.osgeo.org/&gt;
OSGeo committee and general foundation issue tracker.