Bug 782981

Summary: [RFE] Form based auth page needs to support password changes too
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.3CC: jgalipea, mkosek, pvoborni, xdong
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Enhancement
Doc Text:
Feature: Allow Identity Management Web UI users to change their reset or expired passwords. Reason: Identity Management Web UI users had to log on to client machines enrolled in Identity Management in order to be able update their reset or expired passwords. Result (if any): When Identity Management user with a reset or expired password logs to Web UI, the UI allows him to change the expired password and thus successfully authenticate and connect to Identity Management Web UI.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:09:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2012-01-19 00:50:57 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2276

When we will activate form based auth we need to allow for password changes through the same interface.

Not a critical feature for the first pass, but if that's the main interface for some users then password changes need to be supported.
Comment 1 Rob Crittenden 2012-06-12 20:27:01 UTC 
Fixed upstream.

master: d1e695b5d0323167d37eee340718eb5e65138716

For command-line based tests the URI is /ipa/session/change_password

You need to do a POST and provide user, old_password and new_password.

The password result is passed both in the resulting HTML page, but also in HTTP headers for easier parsing in web services:
  X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
 (optional) X-IPA-Pwchange-Policy-Error: $policy_error_text
Comment 2 Petr Vobornik 2012-06-22 09:01:25 UTC 
Web UI part implemented upstream. https://fedorahosted.org/freeipa/ticket/2755

master:

 * 1eab43d29244f6e0b8d6f3146317624715d84af7
 * 37b7b28993552a6ab0fe22fc599c3c5fe8362fe3
Comment 4 Xiyang Dong 2012-11-26 19:45:02 UTC 
Verifying
Comment 5 Xiyang Dong 2012-11-27 20:52:15 UTC 
ipa version:

ipa-server-3.0.0-8.el6.x86_64

how to verify:
1.create a new user and login .
2.Add an assertTrue method to assert that with a new user ,it requires to reset password and able to login with the new password at form based auth page.
3.delete the user.
Comment 7 errata-xmlrpc 2013-02-21 09:09:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html