Moodle

Users cannot login when accounts are created with strong password using csv upload

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.9.6
  • Fix Version/s: 1.9.7
  • Component/s: Authentication
  • Labels:
    None
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE

Description

to recreate:

Create csv with users
Passwords in file to conform with default password policy
Upload to create new accounts.
attempt to login in as new user.
login fails

Additional information:
Create csv with users
Passwords in file that does NOT conform with default password policy
Upload to create new accounts.
Attempt to login in as new user.
Login succeeds - user prompted for new password.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Frank Ralf added a comment -

I think this is the same problem after today's update via CVS of my local development machine.

I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)

Show
Frank Ralf added a comment - I think this is the same problem after today's update via CVS of my local development machine. I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)
Hide
Permalink
Petr Škoda (skodak) added a comment -

confirming, the code logic is wrong

Show
Petr Škoda (skodak) added a comment - confirming, the code logic is wrong
Hide
Permalink
Petr Škoda (skodak) added a comment -

I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file.
the changing of passwords works fine for me, it might be a separate problem

thanks for the report

Show
Petr Škoda (skodak) added a comment - I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file. the changing of passwords works fine for me, it might be a separate problem thanks for the report
Hide
Permalink
Ray Lawrence added a comment -

Petr,

I started with the strong password.

Show
Ray Lawrence added a comment - Petr, I started with the strong password.
Hide
Permalink
Petr Škoda (skodak) added a comment -

does it work fine for you now? if not, are you able to replicate the problem on another site?

Show
Petr Škoda (skodak) added a comment - does it work fine for you now? if not, are you able to replicate the problem on another site?
Hide
Permalink
Ray Lawrence added a comment -

It works on updated site. Thanks.

Show
Ray Lawrence added a comment - It works on updated site. Thanks.
Hide
Permalink
Frank Ralf added a comment -

My problem seems to persist even after updating today to 1.9.7 (Build: 20091126).

Which CVS branch is the most current one I should use for testing:
19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY?

Can I disable the password policy somehow directly in the database?

Show
Frank Ralf added a comment - My problem seems to persist even after updating today to 1.9.7 (Build: 20091126). Which CVS branch is the most current one I should use for testing: 19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY? Can I disable the password policy somehow directly in the database?
Hide
Permalink
Petr Škoda (skodak) added a comment -

MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS.
You can force most setting by hardcoding values in config.php

Show
Petr Škoda (skodak) added a comment - MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS. You can force most setting by hardcoding values in config.php
Hide
Permalink
Frank Ralf added a comment -

I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright.

The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php.

And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail.

My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

Show
Frank Ralf added a comment - I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright. The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php. And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail. My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

People

Vote (1)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.