Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed
    • Similar Issues:
      Show 2 results 

      Description

      In the password policies, you can set the reset ticket max age to eternal. This implies that the ticket send to the user for a password reset is always valid. However once a reset is requested, then the reset link send by mail, will not forward the user to the password reset screen and the ticket is removed from the database.

      In the file /portal-web/html/potlet/password_policies_admin/edit_password_policy.jsp, the reset max age is set to 0.

      This is calculated with in UserLocalServiceImpl class in the sendPassword method:
      Date expirationDate = new Date(System.currentTimeMillis() + (passwordPolicy.getResetTicketMaxAge() * 1000)); (line 3222)

      The expiration date is set to the current date. The link is send to the user. After clicking it, the link is processed in UpdatePasswordAction class, where the ticket is checked for expiration (line 121) where it will always fail because it is before the current datetime.

        Activity

        Hide
        Michael Saechang added a comment -

        Committed on:
        Portal 6.1.x CE GIT ID: a56304b35a9f07795fc259ee0a59294a98ab0ef9.
        Portal 6.2.x GIT ID: 17d712db3713217ee9fd7d98b76b63053ae7aca0.

        Show
        Michael Saechang added a comment - Committed on: Portal 6.1.x CE GIT ID: a56304b35a9f07795fc259ee0a59294a98ab0ef9. Portal 6.2.x GIT ID: 17d712db3713217ee9fd7d98b76b63053ae7aca0.
        Hide
        Sharry Shi added a comment -

        PASSED Manual Testing using the following steps:

        1. Login as admin.
        2. Go to Control Panel.
        3. Click at Password Policies under Portal.
        4. Edit the Default Password Policy, change the Reset Ticket Max Age as Eternal.
        5. Setup the Mail in Server Administration.
        6. Create a new user with an registed gmail Email Address.
        7. Sign out.
        8. Click At Forgot Password.
        9. Fill the new user's gmail address in the Email Address field,and fill the same number in Text Verification as picture.
        10. Change your local time to the future.
        11. Login your gmail, check the email from Joe Bloggs.
        12. Click the link in your email.

        Reproduced on:
        Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 9d36ccf60637ddb1db9cdb449dbc94c18a241f83.

        The Password reset link can not navigate to password reset page.

        Fixed on:
        Tomcat 7.0 + MySQL 5. Portal 6.1.x.CE GIT ID: 7d73bea60eeab31ac1cf4a3270dc0f916ce1fd44.
        Tomcat 7.0 + MySQL 5. Portal 6.1.x.EE GIT ID: 94f8f37a1fe7df90fe4603c7e072ffe80f96c05d.
        Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: abae10ad2e421868e4e238b9693a783b414091ce.

        The Password reset link navigates user to the password reset page.

        Show
        Sharry Shi added a comment - PASSED Manual Testing using the following steps: Login as admin. Go to Control Panel. Click at Password Policies under Portal. Edit the Default Password Policy, change the Reset Ticket Max Age as Eternal. Setup the Mail in Server Administration. Create a new user with an registed gmail Email Address. Sign out. Click At Forgot Password. Fill the new user's gmail address in the Email Address field,and fill the same number in Text Verification as picture. Change your local time to the future. Login your gmail, check the email from Joe Bloggs. Click the link in your email. Reproduced on: Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 9d36ccf60637ddb1db9cdb449dbc94c18a241f83. The Password reset link can not navigate to password reset page. Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x.CE GIT ID: 7d73bea60eeab31ac1cf4a3270dc0f916ce1fd44. Tomcat 7.0 + MySQL 5. Portal 6.1.x.EE GIT ID: 94f8f37a1fe7df90fe4603c7e072ffe80f96c05d. Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: abae10ad2e421868e4e238b9693a783b414091ce. The Password reset link navigates user to the password reset page.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 10 weeks, 2 days ago

              Development

                Subcomponents

                  Structure Helper Panel