View Issue Details

IDProjectCategoryView StatusLast Update
0017786phplist applicationAuthentication Systempublic07-11-15 15:55
Reportersd3pk3 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.0.12 
Target VersionNeeds more infoFixed in Version3.2.2 
Summary0017786: Reset password for non superadmin admin without permission “change settings”
DescriptionReset password for non superadmin admin without permission “change settings” is not possible.
Steps To Reproduce1. Create a non-superadmin without permission "change settings"
2. Send token to set password
3. Set password and check login (should work)
4. Send token to reset password again
5. Login fails
TagsNo tags attached.

Activities

michiel

11-08-15 08:48

manager   ~0056595

ah, interesting. That would be good to check.

michiel

06-11-15 14:02

manager   ~0057152


I tried this, but it only fails when you follow the link in the email. If you don't it works fine.

1. Create a non-superadmin without permission "change settings"
2. Send token to set password
3. Set password and check login (should work)
4. Send token to reset password again

5.1 do not click the link in the email -> login continues to work

5.2 click the link in the email, but do not change the password -> login stops working

5.3 click the link in the email and change password -> login works again (with the new password).

I think that's expected functionality.

sd3pk3

07-11-15 14:28

reporter   ~0057163

Thank you for checking, I could reproduce step 5.1. to 5.3. in Version 3.2.1., I am very sure that 5.3. did not work in Version 3.0.12 because many people from our team tried it and failed.

michiel

07-11-15 15:55

manager   ~0057164

thanks, so we can consider it resolved. I don't think anything changed in this area, but at least it's ok now.