U4-2464 - Single user protection, password not changeable!

Created by Jan Brinker 04 Jul 2013, 16:23:06 Updated by Sebastiaan Janssen 26 Aug 2013, 11:57:17

In the backend you can set a single user protection for a node, but changes to the login-data never get applied once they're set. Not even removing the protection and creating a new one. The old login-data is still used to validate login-attempts.

I encountered this problem when using this code to create a login-form and to validate it: http://24days.in/umbraco/2012/creating-a-login-form-with-umbraco-mvc-surfacecontroller/

The page on which I found the bug runs 6.1.2, I wanted to try if my 6.0.7-installation is also affected, but apparently the code of my login-form does not work. So for now I can only say that 6.1.2 is affected.

I also posted this issue on the our.umbraco boards: http://our.umbraco.org/forum/ourumb-dev-forum/bugs/42838-Single-user-protection,-password-not-changeable!

Comments

Sebastiaan Janssen 18 Jul 2013, 13:51:38

Just as a workaround, you can change the password in the members section, a member has been created for the username you provided.


Sebastiaan Janssen 18 Jul 2013, 14:08:55

Actually, that might not work immediately as the member doesn't get an email address, so updating the member fails. In 6.1.3 it won't fail any more but the workaround for now is to enter an email address (or any text in the email field) for that member.


Jan Brinker 18 Jul 2013, 14:14:14

Will test it today or tomorrow. But the site doesn't have to be ready before 6.1.3 comes anyway :) Also had some database problems with that site, so I was getting suspicious if that might have caused some issues. That will be done tomorrow aswell. If it was some database-related problem I'll write something in here.


Sebastiaan Janssen 18 Jul 2013, 14:29:16

FYI I haven't had time to test the actual issue yet, so I'm not sure if I can reproduce it. Will wait for your further tests! :-)


Sebastiaan Janssen 26 Aug 2013, 11:57:06

Fixed in revision ee4312b7f2e39bbfb91516d457bf5e136d0c8cab


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category: Security

Backwards Compatible: True

Fix Submitted:

Affected versions: 6.1.2

Due in version: 6.2.0

Sprint:

Story Points:

Cycle: