We use LDAP on most of our projects and they're all experiencing the same problem - Members cannot change their password for the CMS in the Security section. The validator reports that the old password entered is incorrect every time a user tries to change their password.
The problem lies in class ConfirmedPasswordField in method validate.
When getRequireExistingPassword() returns true (it's true when a user is changing his own password), the code loops through all validators and checks whether the user has entered the correct password:
// With a valid user and password, check the password is correct
$authenticators = Security::singleton()->getApplicableAuthenticators(Authenticator::CHECK_PASSWORD);
foreach ($authenticators as $authenticator) {
    $checkResult = $authenticator->checkPassword($member, $this->currentPasswordValue);
    if (!$checkResult->isValid()) {
        $validator->validationError(
            $name,
            _t(
                __CLASS__ . '.CURRENT_PASSWORD_ERROR',
                "The current password you have entered is not correct."
            ),
            "validation"
        );
        return false;
    }
}
To pass this validation, the user should have the same password in all registered Authenticators which provide the service Authenticator::CHECK_PASSWORD.
Since this field is here only for SilverStripe\Security\MemberAuthenticator\MemberAuthenticator, it shouldn't loop through other Authenticators. Either this loop shouldn't exist here, or it should be set which Authenticators the field should use in the first place (when creating the field).
Affected Version
SS4/SS5 framework
Steps to Reproduce
Install SS with an extra authenticator (like https://github.com/silverstripe/silverstripe-ldap).
Create an admin user in the CMS and set its password.
Log in to the CMS with the created user and try to change the password.
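The failure mode reported above, reproduced in self-contained PHP as an added example; it is not SilverStripe's code and not part of the original issue. `PasswordChecker`, `StoreChecker`, `validateAgainstAll`, `validateAgainst` and the sample accounts are hypothetical stand-ins for the authenticators and for the field's validation loop.

```php
<?php
// Added illustration: stand-in classes, not SilverStripe's own code.
// All class, function and account names below are hypothetical.
interface PasswordChecker
{
    public function checkPassword(string $user, string $password): bool;
}

// Stand-in for a backend with its own credential store (local Member table, LDAP directory).
final class StoreChecker implements PasswordChecker
{
    public function __construct(private array $hashes) {}

    public function checkPassword(string $user, string $password): bool
    {
        return isset($this->hashes[$user])
            && password_verify($password, $this->hashes[$user]);
    }
}

// Behaviour described in the issue: every registered checker must accept the password.
function validateAgainstAll(array $checkers, string $user, string $pw): bool
{
    foreach ($checkers as $checker) {
        if (!$checker->checkPassword($user, $pw)) {
            return false;
        }
    }
    return true;
}

// Option proposed in the issue: the field is told which checker(s) to consult.
function validateAgainst(array $checkers, array $allowedNames, string $user, string $pw): bool
{
    $selected = array_intersect_key($checkers, array_flip($allowedNames));
    // Fail closed: an empty selection must never count as a valid password.
    return $selected !== [] && validateAgainstAll($selected, $user, $pw);
}

// Constructed sample data: a CMS-only admin account that does not exist in the directory.
$checkers = [
    'member' => new StoreChecker(['admin' => password_hash('cms-secret', PASSWORD_DEFAULT)]),
    'ldap'   => new StoreChecker(['jdoe' => password_hash('dir-secret', PASSWORD_DEFAULT)]),
];

var_dump(validateAgainstAll($checkers, 'admin', 'cms-secret'));          // all-must-pass loop
var_dump(validateAgainst($checkers, ['member'], 'admin', 'cms-secret')); // member checker only
var_dump(validateAgainst($checkers, ['member'], 'admin', 'wrong'));      // wrong password
var_dump(validateAgainst($checkers, [], 'admin', 'cms-secret'));         // nothing selected
```

Whichever way the loop is narrowed, the empty-selection case is the one to keep failing closed, since skipping every authenticator would otherwise accept any current password.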