Bug 782981 – [RFE] Form based auth page needs to support password changes too

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 782981 - [RFE] Form based auth page needs to support password changes too

Summary:	[RFE] Form based auth page needs to support password changes too

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	Unspecified Unspecified

Priority	high Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Rob Crittenden
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-01-18 19:50 EST by Dmitri Pal
Modified:	2013-02-21 04:09 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	ipa-3.0.0-1.el6
Doc Type:	Enhancement
Doc Text:	Feature: Allow Identity Management Web UI users to change their reset or expired passwords. Reason: Identity Management Web UI users had to log on to client machines enrolled in Identity Management in order to be able update their reset or expired passwords. Result (if any): When Identity Management user with a reset or expired password logs to Web UI, the UI allows him to change the expired password and thus successfully authenticate and connect to Identity Management Web UI.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-02-21 04:09:20 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0528	normal	SHIPPED_LIVE	Low: ipa security, bug fix and enhancement update	2013-02-21 03:22:21 EST

Groups: None (edit)

Description Dmitri Pal 2012-01-18 19:50:57 EST

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2276

When we will activate form based auth we need to allow for password changes through the same interface.

Not a critical feature for the first pass, but if that's the main interface for some users then password changes need to be supported.

Comment 1 Rob Crittenden 2012-06-12 16:27:01 EDT

Fixed upstream.

master: d1e695b5d0323167d37eee340718eb5e65138716

For command-line based tests the URI is /ipa/session/change_password

You need to do a POST and provide user, old_password and new_password.

The password result is passed both in the resulting HTML page, but also in HTTP headers for easier parsing in web services:
  X-IPA-Pwchange-Result: {ok, invalid-password, policy-error, error}
 (optional) X-IPA-Pwchange-Policy-Error: $policy_error_text

Comment 2 Petr Vobornik 2012-06-22 05:01:25 EDT

Web UI part implemented upstream. https://fedorahosted.org/freeipa/ticket/2755

master:

 * 1eab43d29244f6e0b8d6f3146317624715d84af7
 * 37b7b28993552a6ab0fe22fc599c3c5fe8362fe3

Comment 4 Xiyang Dong 2012-11-26 14:45:02 EST

Verifying

Comment 5 Xiyang Dong 2012-11-27 15:52:15 EST

ipa version:

ipa-server-3.0.0-8.el6.x86_64

how to verify:
1.create a new user and login .
2.Add an assertTrue method to assert that with a new user ,it requires to reset password and able to login with the new password at form based auth page.
3.delete the user.

Comment 7 errata-xmlrpc 2013-02-21 04:09:20 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.