Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot change admin user password #8

Closed
stemid opened this issue Sep 11, 2017 · 3 comments
Closed

Cannot change admin user password #8

stemid opened this issue Sep 11, 2017 · 3 comments
Assignees
@stemid
Labels
bug

Comments

@stemid
Copy link
Collaborator

stemid commented Sep 11, 2017

In default install with local password manager I am unable to change the admin user password.

Traceback:

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
  41.             response = get_response(request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptrackweb/views/helpers.py" in authwrapper
  54.                     return func(request, *args, **kwargs)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptrackweb/views/user.py" in reset_password_post
  321.     user.resetPassword(new_password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/user.py" in resetPassword
  219.         self.transport.resetPassword(self.oid, password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/user.py" in resetPassword
  21.         return self.send('reset_password', oid, password)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/baserpc.py" in send
  9.                 *args)

File "/var/opt/siptrack/venv/lib/python2.7/site-packages/siptracklib/transport/xmlrpc/transport.py" in _sendCommand
  197.                 raise SiptrackError(faultstring)

Exception Type: SiptrackError at /user/password/reset/post/3/
Exception Value: 'tuple' object has no attribute 'isValidPassword'

The issue seems to be in siptrackd but this is the exception returned by siptrackweb.
@stemid stemid self-assigned this Sep 11, 2017
@stemid
Copy link
Collaborator Author

stemid commented Nov 5, 2017

This appears to be a design flaw here.

We're trying to reset a users password by doing the following actions.

  • Remove all subkeys from the user
  • Reconnect all subkeys to the user

And the only input we have is the users new password.

So once all subkeys are disconnected we run the piece of code I linked above and it fails because the input provided is just the users new_password twice.

Instead of the proper input which should be the users new_password and the password key password.

Resetting a users password might work better if we;

  1. first create new sub keys for each existing sub key, I believe we could do that without providing a key password.
  2. Then remove all old sub keys, keeping track of which is which in the process.
  3. Then I think the best would be to logout the user.
  4. On login any pending sub keys will be connected by the users login session.

Only speculation so far, I'm going to try it and see how it goes.

@stemid stemid added the bug label Nov 6, 2017
@vipinlalcm vipinlalcm mentioned this issue May 27, 2019
Closed
@vipinlalcm
Copy link

Yes. You are correct. The following error triggered from https://github.com/sii/siptrackd/blob/master/siptrackdlib/user.py#L690

As per the current code, while resetting the password, it should disconnect all subkeys and trying to connect the subkeys with new password instead of old subkey and its actual password keys password.

However, as per my understanding. The current code does not allow to do so. Because, During the initial stage of development , @sii has designed this to reset all the subkeys and user password dependencies while resetting a users password. Because when a user required password reset when he has forgot the old password. Whereas if he knows the old password and still he need to change the password. He can use UpdatePassword utility in the User interface. That works fine.

Also, current web ui has already given a warning while resetting the password.
image

As @stemid has updated it would work better if we can add subkeys without password keys password. But that will go against the current system logic. We have to redesign the applications password creation functions totally to achieve that. We can do it later. But as a workaround we can change the code as mentioned in pull request #12 . Which will reset the password without any error. But user has to login with the new password and connect all the password keys manually.

@stemid
Copy link
Collaborator Author

stemid commented May 28, 2019

Well the merge @lalusvipi did seems to have solved it so I'm closing this case.

@stemid stemid closed this as completed May 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stemid stemid

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stemid @vipinlalcm