In-Portal Issue Tracker


ID: 0000657
Category: [In-Portal CMS] Admin Interfaces
Type: feature request
Reproducibility: N/A
Date Submitted: 2010-03-27 17:14
Last Update: 2012-07-25 05:32
Reporter: Dmitry
View Status: public
Project Name: In-Portal CMS
Assigned To: alex
Developer:
Priority: normal
Resolution: fixed
Fixed in Version: 5.2.0-B1
Status: closed
Product Version: 5.0.3-B1
Target Version: 5.2.0
Time Estimate: No estimate
Summary: 0000657: Ability to Reset ROOT password to access Admin Console
Description
I think it's time to think and implement the ability to reset ROOT
password by email or something else.

We are coming across this issue from time to time. I know we can change
it by hand directly in DB, but it's not the easiest way for users so
we should come up with easy and safe way of doing it.

My proposal is:

When DBG_RESET_ROOT option is enabled (new - needs to be added) we can
show additional Link right below Login form which will email the
password to website administrator (email specified as main email
address for the website).

Since password for ROOT user is not lost on a daily basis this should
do the work.
Additional Information
Plan:
1. create new ROOT.RESET.PASSWORD email event (Type = Admin); see other email events with this type to determine what values should be placed in other fields
2. export newly created record from Events table into install/upgrades.sql and install/install_data.sql (make sure, that there are no translatable columns present in insert statement, see other events in install_data.sql to get idea)
3. Event text could be: "Your new password is: <inp2:m_Get name="root_password"/>"
1. create u:OnResetRootPassword event, that would use
- kUtil::generatePassword method to generate new password
- kPasswordFormatter::EncryptPassword with proper salt (see user event handler) to encrypt password
- kApplication::SetConfigValue to change RootPass configuration variable value
- send newly created e-mail event to admin via kApplication::EmailEventAdmin method
- do $event->SetRedirectParam('reset', 1)
4. in UsersEventHandler::CheckPermission method allow that event execution only, when DBG_RESET_ROOT constant is defined & set (e.g. defined('DBG_RESET_ROOT') && DBG_RESET_ROOT)
5. add a "Reset "root" password" link (will be a phrase) under admin login form, when DBG_RESET_ROOT constant is defined & set
6. once link from above is clicked, then call u:OnResetRootPassword event
7. add a check for "reset" url parameter via m_if tag to login template and display nice alert message, like "Your "root" password has been reset. Please remove DBG_RESET_ROOT constant and check your e-mail address."
8. do language pack export & merge to install/english.lang
9. do install/upgrade to verify that database content after upgrade/install will match the one you've created right now

------------
Hours:
1. new e-mail event - 1 h
2. new event - 0.5 h
3. template modifications - 0.5 h
4. install/upgrade/export stuff - 1 h

----

total: 3 h

Tags: No tags attached.
Reference: http://groups.google.com/group/in-portal-dev/browse_thread/thread/9d3a9f7e8a0e070
Change Log Message: Added ability to reset Root password
Estimate Points: 1
Attached Files:
- reset_root_password_657.patch (7,159 bytes) 2011-10-03 10:28
- reset_root_password_657.2.patch (6,866 bytes) 2011-10-04 10:54
- root_password_reset_v3.patch (12,640 bytes) 2011-10-05 07:08
- reset_root_password_only_in_debug_mode.patch (1,159 bytes) 2011-12-13 03:44


-  Notes
(0003970)
erik (manager)
2011-10-03 10:29

Patch attached - needs testing

(0003977)
alex (manager)
2011-10-03 12:10

1. Phrase "la_msg_YourRootPasswordHasBeenResetPleaseRemoveDbgResetRootConstantAndCheckYourEmailAddress" could be shorter (phrase name, not translation), e.g. "la_msg_RootPasswordWasReset"

2. In OnResetRootPassword event "/* @var" line isn't properly tabulated

3. You have "Strip Trailing Spaces on Save" option disabled in Editor settings, resulting in empty lines that look like "TABTABTAB" instead of a really empty line. Please enable this option and re-save file for useless tabs to be stripped.

4. Please add empty line before recallObject statements too (and all statements, that have /* @var after them).

5. Pass password as email event parameter, not a global var:
- $send_params parameter of EmailEventAdmin method - Array ('password' => $new_root_password)
- <inp2:m_Param name="password"/> inside e-mail event translation.

6. Please add sqls in upgrades.sql in the chronological order - at the end of file under current version. Not between other sqls. This will ease this version merging process in SVN.

7. Please remove trailing spaces after OnResetRootPassword event permission checking.

(0004006)
erik (manager)
2011-10-04 10:56

reset_root_password_657.2.patch attached - needs testing

(0004012)
alex (manager)
2011-10-05 07:09
edited on: 2011-10-05 07:11

Reviewed & tested in general, but I've fixed some things in "root_password_reset_v3.patch" patch:
-------------------------------------------------------------------------------------------------
1. "your password was reset" alert and "reset password" link now aren't shown at same time

2. phrase name wasn't renamed in "your password was reset" alert and it wasn't escaped in JS in case of missing phrase translation

3. event u:OnResetPassword now doesn't add "u" prefix to the url after being called

4. different SQLs were used in install/upgrade scripts to insert Event record

5. AllowChangeSender was set to 0, while it is set to 1 for all current events, that don't have any sender-specific behavior added

6. constant DBG_RESET_ROOT was added to tools/debug_sample.php with a comment on how it should be used

(0004013)
alex (manager)
2011-10-05 07:10

Fix committed to 5.2.x branch. Commit Message:

Fixes 0000657: Ability to Reset ROOT password to access Admin Console
Commit on behalf of Erik

(0004239)
Dmitry (manager)
2011-12-09 16:08

I have found a glitch in this feature.

If I disable DBG, but keep RESET in Query it will be resetting password by passing OnResetRootPassword if DBG_RESET_ROOT is left enabled.

I propose to check if DBG is also enabled along with DBG_RESET_ROOT.

What do you think?

(0004241)
alex (manager)
2011-12-12 02:46

Nope, since all constants defined above $dbg_options array are defined this way to work even in case, when debug mode is turned off too, e.g. DBG_REQUREST_LOG, DBG_CURL, etc.

And ability to reset password isn't related to fact, that debug mode is enabled. Only link is constant location in debug.php file, but again not all constants from that file are related to debug mode at all.

(0004246)
Dmitry (manager)
2011-12-12 18:05

Let's move DBG_RESET_ROOT under Debug options

(0004250)
alex (manager)
2011-12-13 03:45

Patch "reset_root_password_only_in_debug_mode.patch" adds additional protection in case if Administrator will forget to comment-out DBG_RESET_ROOT constant after using it.

Now all "root" user password reset functionality will be enabled only, when Debug Mode is enabled (before this patch it was always enabled, once DBG_RESET_ROOT constant is defined in debug.php file).
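
Added example, not part of the original thread and not In-Portal code: a stand-alone PHP sketch of the gate discussed in the notes above, where the "root" password reset runs only when debug mode is on and DBG_RESET_ROOT is set. The function names, the $debugMode and $flags inputs, and the use of random_bytes and password_hash in place of kUtil::generatePassword and kPasswordFormatter::EncryptPassword are assumptions made for illustration.

```php
<?php
// Added illustration, not In-Portal code; every name here is hypothetical.

// Gate after the final patch: debug mode AND the DBG_RESET_ROOT flag.
// Before that patch the flag alone was enough.
function rootResetAllowed(bool $debugMode, array $flags): bool
{
    return $debugMode && !empty($flags['DBG_RESET_ROOT']);
}

// Sets a new root password. Only the hash is stored in $config; the plain
// password is returned as an e-mail parameter instead of a global variable.
function resetRootPassword(bool $debugMode, array $flags, array &$config): ?array
{
    if (!rootResetAllowed($debugMode, $flags)) {
        return null; // denied: configuration stays untouched
    }

    $password = bin2hex(random_bytes(12)); // 24 hex characters from the CSPRNG
    $config['RootPass'] = password_hash($password, PASSWORD_DEFAULT);

    return ['password' => $password];
}

// Constructed cases: [debug mode, flags, reset expected]
$cases = [
    [false, [], false],
    [false, ['DBG_RESET_ROOT' => 1], false], // flag left behind, debug mode off
    [true, [], false],
    [true, ['DBG_RESET_ROOT' => 1], true],
];

foreach ($cases as [$debugMode, $flags, $expected]) {
    $config = ['RootPass' => 'old-hash'];
    $params = resetRootPassword($debugMode, $flags, $config);
    $changed = $config['RootPass'] !== 'old-hash';

    if ($changed !== $expected || ($params !== null) !== $expected) {
        throw new RuntimeException('gate behaved unexpectedly');
    }
    if ($changed && !password_verify($params['password'], $config['RootPass'])) {
        throw new RuntimeException('stored hash does not match the new password');
    }
    printf("debug=%d flag=%d reset=%s\n", $debugMode, !empty($flags['DBG_RESET_ROOT']), $changed ? 'yes' : 'no');
}
```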

(0004251)
alex (manager)
2011-12-13 03:46

Will test all together later.

(0004252)
alex (manager)
2011-12-13 03:47

Fix committed to 5.2.x branch. Commit Message:

Fixes 0000657: Ability to Reset ROOT password to access Admin Console
1. adds additional protection in case if Administrator will forget to comment-out DBG_RESET_ROOT constant after using it

(0005026)
alex (manager)
2012-07-25 05:32

Since 5.2.0 version was released.

- Related Changesets
In-Portal CMS: 5.2.x r14862
Timestamp: 2011-12-13 03:47:00
Author: alex
Fixes 0000657: Ability to Reset ROOT password to access Admin Console
1. adds additional protection in case if Administrator will forget to comment-out DBG_RESET_ROOT constant after using it
mod - /in-portal/branches/5.2.x/tools/debug_sample.php

In-Portal CMS: 5.2.x r14633
Timestamp: 2011-10-05 07:10:41
Author: alex
Fixes 0000657: Ability to Reset ROOT password to access Admin Console
Commit on behalf of Erik
mod - /in-portal/branches/5.2.x/core/admin_templates/login.tpl
mod - /in-portal/branches/5.2.x/core/install/english.lang
mod - /in-portal/branches/5.2.x/core/install/install_data.sql
mod - /in-portal/branches/5.2.x/core/install/upgrades.sql
mod - /in-portal/branches/5.2.x/core/units/users/users_event_handler.php
mod - /in-portal/branches/5.2.x/tools/debug_sample.php

- Issue History
Date Modified Username Field Change
2012-07-25 05:32 alex Note Added: 0005026
2012-07-25 05:32 alex Status resolved => closed
2011-12-13 03:47 alex Note Added: 0004252
2011-12-13 03:47 alex Status reviewed and tested => resolved
2011-12-13 03:47 alex Resolution reopened => fixed
2011-12-13 03:47 alex Assigned To !COMMUNITY => alex
2011-12-13 03:47 alex Changeset attached 5.2.x r14862
2011-12-13 03:46 alex Note Added: 0004251
2011-12-13 03:46 alex Status needs testing => reviewed and tested
2011-12-13 03:46 alex Assigned To alex => !COMMUNITY
2011-12-13 03:46 alex Developer erik => alex
2011-12-13 03:46 alex Status needs feedback => needs testing
2011-12-13 03:45 alex Note Added: 0004250
2011-12-13 03:44 alex File Added: reset_root_password_only_in_debug_mode.patch
2011-12-12 18:05 Dmitry Note Added: 0004246
2011-12-12 18:05 Dmitry Status resolved => needs feedback
2011-12-12 18:05 Dmitry Resolution fixed => reopened
2011-12-12 02:46 alex Status needs feedback => resolved
2011-12-12 02:46 alex Resolution reopened => fixed
2011-12-12 02:46 alex Note Added: 0004241
2011-12-09 16:08 Dmitry Note Added: 0004239
2011-12-09 16:08 Dmitry Status resolved => needs feedback
2011-12-09 16:08 Dmitry Resolution fixed => reopened
2011-10-22 05:31 alex Estimate Points => 1
2011-10-05 07:11 alex Note Edited: 0004012
2011-10-05 07:10 alex Note Added: 0004013
2011-10-05 07:10 alex Status reviewed and tested => resolved
2011-10-05 07:10 alex Fixed in Version => 5.2.0-B1
2011-10-05 07:10 alex Resolution open => fixed
2011-10-05 07:10 alex Assigned To !COMMUNITY => alex
2011-10-05 07:10 alex Changeset attached 5.2.x r14633
2011-10-05 07:09 alex Note Added: 0004012
2011-10-05 07:09 alex Assigned To alex => !COMMUNITY
2011-10-05 07:09 alex Status needs testing => reviewed and tested
2011-10-05 07:08 alex File Added: root_password_reset_v3.patch
2011-10-04 10:56 erik Note Added: 0004006
2011-10-04 10:56 erik Assigned To erik => alex
2011-10-04 10:56 erik Status needs work => needs testing
2011-10-04 10:54 erik File Added: reset_root_password_657.2.patch
2011-10-03 12:10 alex Note Added: 0003977
2011-10-03 12:10 alex Assigned To alex => erik
2011-10-03 12:10 alex Status needs testing => needs work
2011-10-03 10:29 erik Time Estimate Removed 3 =>
2011-10-03 10:29 erik Note Added: 0003970
2011-10-03 10:29 erik Assigned To erik => alex
2011-10-03 10:29 erik Developer => erik
2011-10-03 10:29 erik Status needs work => needs testing
2011-10-03 10:28 erik File Added: reset_root_password_657.patch
2011-10-03 10:28 erik File Deleted: reset_root_password_657.patch
2011-10-03 10:19 erik File Added: reset_root_password_657.patch
2011-09-26 03:52 alex Time Estimate Added 3
2011-09-26 03:52 alex Additional Information Updated
2011-09-25 09:28 Dmitry Change Log Message => Added ability to reset Root password
2011-09-25 09:28 Dmitry Assigned To => erik
2011-09-25 09:28 Dmitry Status active => needs work
2011-09-25 09:28 Dmitry Target Version Icebox => 5.2.0
2010-03-27 17:18 alex Reporter alex => Dmitry
2010-03-27 17:14 alex New Issue
2010-03-27 17:14 alex Reference => http://groups.google.com/group/in-portal-dev/browse_thread/thread/9d3a9f7e8a0e070


