[ https://issues.apache.org/jira/browse/GUACAMOLE-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper resolved GUACAMOLE-1152.
------------------------------------
Fix Version/s: 1.3.0
Resolution: Fixed
This should now be fixed on git master.
> Enabling skip-if-unavailable breaks expired password change
> -----------------------------------------------------------
>
> Key: GUACAMOLE-1152
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1152
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-jdbc-mysql
> Affects Versions: 1.1.0, 1.2.0
> Environment: RHEL 7.8
> Reporter: Grigory Trenin
> Assignee: Mike Jumper
> Priority: Major
> Fix For: 1.3.0
>
>
> When "skip-if-unavailable: mysql" is set in guacamole.properties, and the
> user is trying to change his expired password, he is not prompted about
> problems during the password change (e.g., the password is not complex enough,
> the password is blank, the password is the same as the old one). Instead, the
> user is silently logged in to Guacamole (but with no permissions), giving the
> illusion that the password has been successfully changed.
>
> Steps to reproduce:
> # Add the following settings to guacamole.properties. The most important one
> is "skip-if-unavailable: mysql". If this setting is absent, password change
> works as expected.
> {noformat}
> mysql-user-password-min-length: 8
> mysql-user-password-require-multiple-case: true
> mysql-user-password-require-symbol: true
> mysql-user-password-require-digit: true
> mysql-user-password-prohibit-username: true
> mysql-user-password-min-age: 7
> mysql-user-password-max-age: 90
> mysql-user-password-history-size: 6
> skip-if-unavailable: mysql
> {noformat}
> # Get some Guacamole user's password expired (for example, by setting
> password_date to a date in the past in the MySQL database)
> # Log in to Guacamole with this user. You will be presented with a password
> change prompt.
> a) Attempt to enter a blank password (just press the "Continue" button) - you
> will be silently logged in to Guacamole instead of being given a warning that
> blank passwords are not allowed;
> b) Attempt to enter a password that does not meet password complexity
> requirements - you will be silently logged in to Guacamole instead of being given
> a warning that the password is not complex enough;
> c) Attempt to enter the same password as an old one - you will be silently
> logged in to Guacamole instead of being given a warning that the new password must
> differ.
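An added example, not part of the issue or of Guacamole's own code: a small check of guacamole.properties for the combination described in the report (an extension listed in skip-if-unavailable that also has password policy properties) on the versions listed under "Affects Versions". The function names and the heuristic of treating `<extension>-user-password-*` properties as a sign that expired-password changes are in use are assumptions; the sample configuration is the one from the report.

```python
import re

# Versions the issue lists under "Affects Versions"; 1.3.0 carries the fix.
AFFECTED_VERSIONS = {"1.1.0", "1.2.0"}

# Sample input: the settings quoted in the report's steps to reproduce.
SAMPLE = """\
mysql-user-password-min-length: 8
mysql-user-password-require-multiple-case: true
mysql-user-password-require-symbol: true
mysql-user-password-require-digit: true
mysql-user-password-prohibit-username: true
mysql-user-password-min-age: 7
mysql-user-password-max-age: 90
mysql-user-password-history-size: 6
skip-if-unavailable: mysql
"""

def parse_properties(text):
    """Parse simple 'key: value' or 'key=value' lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        match = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def find_exposed_extensions(text, version):
    """Return [(extension, [policy keys])] for extensions that are listed in
    skip-if-unavailable and also have password policy properties, when the
    deployed version is one the issue lists as affected."""
    if version not in AFFECTED_VERSIONS:
        return []
    props = parse_properties(text)
    skipped = [e.strip() for e in props.get("skip-if-unavailable", "").split(",")]
    flagged = []
    for ext in filter(None, skipped):
        prefix = ext + "-user-password-"
        policy = sorted(k for k in props if k.startswith(prefix))
        if policy:  # heuristic (assumption): a password policy is configured
            flagged.append((ext, policy))
    return flagged

if __name__ == "__main__":
    for ext, keys in find_exposed_extensions(SAMPLE, "1.2.0"):
        print(f"GUACAMOLE-1152: '{ext}' is skippable with {len(keys)} policy settings")
```

A non-empty result on 1.1.0 or 1.2.0 means the deployment matches the reported configuration; the issue gives 1.3.0 as the fix version.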