Bug 782981 - [RFE] Form based auth page needs to support password changes too
Summary: [RFE] Form based auth page needs to support password changes too
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-19 00:50 UTC by Dmitri Pal
Modified: 2018-11-30 21:44 UTC (History)
4 users (show)

Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Enhancement
Doc Text:
Feature: Allow Identity Management Web UI users to change their reset or expired passwords. Reason: Identity Management Web UI users had to log on to client machines enrolled in Identity Management in order to be able update their reset or expired passwords. Result (if any): When Identity Management user with a reset or expired password logs to Web UI, the UI allows him to change the expired password and thus successfully authenticate and connect to Identity Management Web UI.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:09:20 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 08:22:21 UTC

Description Dmitri Pal 2012-01-19 00:50:57 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2276

When we will activate form based auth we need to allow for password changes through the same interface.

Not a critical feature for the first pass, but if that's the main interface for some users then password changes need to be supported.

Comment 1 Rob Crittenden 2012-06-12 20:27:01 UTC
Fixed upstream.

master: d1e695b5d0323167d37eee340718eb5e65138716

For command-line based tests the URI is /ipa/session/change_password

You need to do a POST and provide user, old_password and new_password.

The password result is passed both in the resulting HTML page, but also in HTTP headers for easier parsing in web services:
  X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
 (optional) X-IPA-Pwchange-Policy-Error: $policy_error_text

Comment 2 Petr Vobornik 2012-06-22 09:01:25 UTC
Web UI part implemented upstream. https://fedorahosted.org/freeipa/ticket/2755

master:

 * 1eab43d29244f6e0b8d6f3146317624715d84af7
 * 37b7b28993552a6ab0fe22fc599c3c5fe8362fe3

Comment 4 Xiyang Dong 2012-11-26 19:45:02 UTC
Verifying

Comment 5 Xiyang Dong 2012-11-27 20:52:15 UTC
ipa version:

ipa-server-3.0.0-8.el6.x86_64

how to verify:
1.create a new user and login .
2.Add an assertTrue method to assert that with a new user ,it requires to reset password and able to login with the new password at form based auth page.
3.delete the user.

Comment 7 errata-xmlrpc 2013-02-21 09:09:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html


Note You need to log in before you can comment on or make changes to this bug.