[jira] (MRM-1690) User & password management broken

[Jeff Vincent (JIRA)]

     [ 
https://jira.codehaus.org/browse/MRM-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jeff Vincent closed MRM-1690.
-----------------------------

       Resolution: Not A Bug
    Fix Version/s: 1.4-M3

My bad.  Due to the derbydb/ folder and files being owned by root:root instead 
of tomcat:tomcat, the changes wouldn't persist.

In addition, I had a bad value in security.properties:

security.policy.password.previous.count=0

causing a call to sublist(0,-1) to choke in  
DefaultUserSecurityPolicy.java:lines[327-329] 


                
> User & password management broken
> ---------------------------------
>
>                 Key: MRM-1690
>                 URL: https://jira.codehaus.org/browse/MRM-1690
>             Project: Archiva
>          Issue Type: Bug
>          Components: Users/Security
>    Affects Versions: 1.4-M3
>         Environment: Archiva Server: Apache Tomcat 6
> OS: CentOS 6.2
> Client:  Windows 7/Chrome (latest) and FireFox 15.0.1 and IE 9.0.10 (except 
> IE hangs when loading the home page)
>            Reporter: Jeff Vincent
>            Priority: Critical
>             Fix For: 1.4-M3
>
>
> 1) Can't create new users.  Filling in the form and clicking save does 
> nothing.  The dialog stays open.  (Attempted w/ Chrome&FF, couldn't get IE to 
> open the home page)
> 2) I'm having problems setting the password for the admin user (possibly 
> others, but I don't want to touch other accounts and I can't create new 
> ones).  The reset password process didn't send me an e-mail.  
> Initially after the upgrade from 1.4-M2, I had forgotten the 'admin' password 
> and eventually got a prompt (not sure how) to change the password but it 
> didn't seem to do anything.
> I also tried clicking "Forgot Password" and it put a banner at the top of the 
> page saying "Password reset", but it wasn't clear what that meant.  I think 
> maybe it was supposed to send an email.  If so, maybe the message needs to 
> say that.  
> However, I never got an e-mail.
> I ended up copying the derby database files to my local system and using 
> SquirreL SQL client to open up and copy a known encrypted password value from 
> another user.
> After logging in using the copied password, I attempted to change the 'admin' 
> password.  I click "Edit Details", entered my existing password and new 
> password info.  When I click "Ok". It appears to do nothing.  The dialog 
> stays open and no password is set.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira