Ensure all new users without passwords have salt set

Bug #799594 reported by Richard Mansfield
Affects: Mahara
Status: Fix Released
Importance: Medium
Assigned to: Richard Mansfield

Bug Description

When an admin creates a new user on the site, we always ensure that the user is created with random salt, and either has an empty password or their password encrypted with the salt, depending on the auth method.

To make sure this is true for new users created by other methods (registration, xmlrpc), we can move the function to encrypt the password into the create_user() function and avoid some duplication.

Changed in mahara:
status: New → In Progress
François Marier (fmarier) wrote :

This is really good stuff and it deserves a higher priority ;)

Changed in mahara:
importance: Low → Medium
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/350
Committed: http://gitorious.org/mahara/mahara/commit/a0d0bb239732b6171fd39d0a39ce8ed0e975eda5
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit a0d0bb239732b6171fd39d0a39ce8ed0e975eda5
Author: Richard Mansfield <email address hidden>
Date: Wed Jun 15 15:29:41 2011 +1200

    Move reset_password into create_user function (bug #799594)

    Change-Id: I9783aab92858cf1827609497d026aebd30cad36e
    Signed-off-by: Richard Mansfield <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/568
Committed: http://gitorious.org/mahara/mahara/commit/62842915d21e6b4b39e0aa78d60c2ae84fb30d63
Submitter: Hugh Davenport (<email address hidden>)
Branch: master

commit 62842915d21e6b4b39e0aa78d60c2ae84fb30d63
Author: Richard Mansfield <email address hidden>
Date: Tue Aug 9 12:25:49 2011 +1200

    Send password in cleartext in Leap2a new account emails

    Moving password encryption into create_user() (bug #799594) broke
    new account emails for new Leap2a imported users, because Leap2a
    users are reloaded from the database before the email is sent.

    Change-Id: I9b9e65b0cd92261b1b81179a3828ee644fb82785
    Signed-off-by: Richard Mansfield <email address hidden>

Melissa Draper (melissa)
Changed in mahara:
status: Fix Committed → Fix Released
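
The design discussed in this bug, sketched as an added example that is not Mahara's code: one create_user() owns salt generation and password hashing for every creation path, and the import caller keeps the cleartext it needs for the new account email because the reloaded record no longer has it. The `internal` auth method name, the in-memory `$USERS` table, `get_user()`, `users_missing_salt()` and the use of PBKDF2 are assumptions made for illustration.

```php
<?php
// Added example, not Mahara's code. In-memory table standing in for the DB.
$USERS = [];
// Assumption: auth methods that keep a local password.
const LOCAL_PASSWORD_AUTH = ['internal'];

// The only function that writes a new account, so every creation path
// (admin page, registration, xmlrpc, import) gets the same guarantees.
function create_user(array $user): int {
    global $USERS;
    $cleartext = $user['password'] ?? '';
    $user['salt'] = bin2hex(random_bytes(16)); // always set, password or not
    if ($cleartext !== '' && in_array($user['authmethod'], LOCAL_PASSWORD_AUTH, true)) {
        // PBKDF2 is a stand-in; the page does not name the hash Mahara uses.
        $user['password'] = hash_pbkdf2('sha256', $cleartext, $user['salt'], 100000);
    } else {
        $user['password'] = ''; // external auth: no local password stored
    }
    $USERS[] = $user;
    return count($USERS) - 1;
}

// Stand-in for reloading a user record from the database.
function get_user(int $id): array {
    global $USERS;
    return $USERS[$id];
}

// Invariant from the bug title: usernames of accounts with no salt.
function users_missing_salt(): array {
    global $USERS;
    $bad = array_filter($USERS, fn($u) => empty($u['salt']));
    return array_column($bad, 'username');
}

// Constructed sample accounts, one per creation path.
create_user(['username' => 'by_admin', 'authmethod' => 'internal', 'password' => 'constructed-pw-1']);
create_user(['username' => 'registered', 'authmethod' => 'internal', 'password' => 'constructed-pw-2']);
create_user(['username' => 'remote', 'authmethod' => 'xmlrpc']);

// Import flow from the second commit: keep the cleartext in the caller,
// because the reloaded record only carries the derived value.
$initial = 'constructed-pw-3';
$reloaded = get_user(create_user(['username' => 'imported', 'authmethod' => 'internal', 'password' => $initial]));

var_dump(users_missing_salt() === []);        // check: no account lacks a salt
var_dump($reloaded['password'] !== $initial); // check: reload does not return cleartext
```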