#139 A User can no longer change his/her own password

v2.4
closed-fixed
None
8
2014-05-13
2014-01-31
Tim Parkinson
No

This only applies to local_db AuthN.
On the RSC Trial instance, I (as Admin) set up some users and sent them temporary passwords.
I advised them all to change their passswords but they all said they could not.
I can't change mine either (by the Change Password link).
But I can change passwords from the Admin page edit user link.

Is this a bug or a misconfiguration?
Needs fixing.

Discussion

  • Tim Parkinson
    Tim Parkinson
    2014-01-31

    • assigned_to: David R Newman
     
  • David R Newman
    David R Newman
    2014-02-02

    This seems to be a problem with the interaction between rewrite rules and multiviews. If multiviews were turned off, pages like /dashboard would stop working as you would have to explicitly ask for /dashboard.php. However, if it is left on if there is a file that exists that matches part of the path of the url then multiviews will modify the path. E.g. /user/bob -> /user.php/bob. This then means that the rewrite rules that rewrites /user/bob -> /user.php?uri=bob will not be executed.

    The simplest and least intrusive way to fix this is to move user.php to its own folder, i.e. move user.php user/index.php. Then you need to edit the user/index.php to have change the php includes that have relative paths and modify the rewrite rule in .htaccess to RewriteRule ^user/(.+)$ /user/index.php?uri=$1 [L,QSA].

     
  • David R Newman
    David R Newman
    2014-02-02

    This bug has been fixed in r734. Instances installed using the labtrove deb package need to be upgraded with:

    apt-get update
    apt-get install labtrove

    (apt-get install make sure only this package is upgraded).

     
  • Tim Parkinson
    Tim Parkinson
    2014-05-13

    • status: open --> closed-fixed
     
  • Tim Parkinson
    Tim Parkinson
    2014-05-13

    Deployed on rscchemtrove.liberata.com where it matters.