U4-3278 - Cannot save user with re-entering passwords

Created by Per Ploug 30 Oct 2013, 20:00:53 Updated by Shannon Deminick 31 Oct 2013, 00:50:42

Password control on user requires you to enter the old password, and it doesn't allow you to leave them blank on save. So you cannot create new users and change their password.

Comments

Shannon Deminick 31 Oct 2013, 00:07:57

You can create a user normally and save them:

http://screencast.com/t/tAfX9qSPkT1g

To change their password to something, you'll need to reset it then change it (see screencast).

There's a reason for this:

  • When a user is created (even in v6) it is created with a generated password based on the membership provider
  • To change a password with a membership provider you need the current password - or you need to change the membership config to store passwords as encrypted (not hashed) and enable password retrieval - neither of these are true by default.
      • So you need to reset the password so it shows you what it is, then use that password to change to what you want.

I'll change this behavior by changing the user membership provider to validate a password directly against the stored hashed password, and if that fails by hashing the passed in password and then comparing. This is very poor practice but I suppose that's what was happening before so we'll have to keep that logic.
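The validation order described in the comment above, sketched next to a hash-only check, as an added example that is not Umbraco's code or part of the original thread. The function names, the fixed salt and the use of salted PBKDF2 as a stand-in for the membership provider's hashing are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # constructed value for this example


def hash_password(password: str, salt: bytes) -> str:
    """Stand-in for the provider's hashing (assumption: salted PBKDF2-SHA256)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return base64.b64encode(digest).decode("ascii")


def _same(a: str, b: str) -> bool:
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def validate_with_fallback(supplied: str, stored_hash: str, salt: bytes) -> bool:
    """Order described in the comment: compare the supplied value directly
    against the stored hash, and only if that fails hash it and compare."""
    if _same(supplied, stored_hash):
        return True  # the stored hash itself is accepted as a credential
    return _same(hash_password(supplied, salt), stored_hash)


def validate_hash_only(supplied: str, stored_hash: str, salt: bytes) -> bool:
    """Conventional check: the supplied value is always hashed first."""
    return _same(hash_password(supplied, salt), stored_hash)


def accepts_stored_hash(validator, stored_hash: str, salt: bytes) -> bool:
    """Regression check: True if the validator treats the stored hash as a
    valid password, i.e. the hash column has become password-equivalent."""
    return validator(stored_hash, stored_hash, salt)


if __name__ == "__main__":
    salt = b"constructed-salt"                       # constructed sample data
    stored = hash_password("generated-Pw-1", salt)   # constructed sample password
    for check in (validate_with_fallback, validate_hash_only):
        print(check.__name__,
              "correct password:", check("generated-Pw-1", stored, salt),
              "| stored hash accepted:", accepts_stored_hash(check, stored, salt))
```

With the fallback in place the stored hash is as sensitive as the password itself, so a check like `accepts_stored_hash` is worth keeping in the test suite until the direct comparison can be removed.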


Priority: Major

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal

Backwards Compatible: True

Affected versions: 7.0.0, 6.2.0

Due in version: 7.0.0, 6.2.0
