Opened 11 years ago

Closed 11 years ago

#709 closed defect (fixed)

Changing license setting may set password to empty

Reported by: sazius Owned by:
Priority: major Milestone: 0.4.0
Component: programming Keywords:
Cc: Parent Tickets:

Description

I encountered this because I've set my web browser (Iceweasel/Firefox 21) to store my MediaGoblin password and automatically fill it in when it deems appropriate.

Steps to reproduce

  1. Go to "Change account settings".
  1. Web browser automatically fills in "Old password" field, but leaves "New password" field empty (user that only wishes to change license setting will not notice this as it happens automatically).
  1. Change license setting if you want (this seems to be optional).
  1. Press "Save changes."
  1. Log out and try to log in again: your old password doesn't work, the new password is the empty string. (Can be confirmed e.g. by trying to login with the piwigo plugin which allows empty password to be entered.)

The change account settings dialog should either warn of empty password, or simply assume the user does not wish to touch the password if it is left empty. (As was my case.)

Change History (5)

comment:1 by rodney757, 11 years ago

Owner: set to rodney757
Status: newin_progress

comment:2 by rodney757, 11 years ago

Owner: rodney757 removed
Status: in_progressreview

This branch fixes this and moves the change password stuff to a separate view.

https://github.com/rodney757/mediagoblin/commits/change_pass

I'm also adding support to change email, so the change account settings view will look similar to how it does before this patch. See #705

Last edited 11 years ago by rodney757 (previous) (diff)

comment:3 by Elrond, 11 years ago

Owner: set to rodney757
Status: reviewin_progress

That looks good!

Some things:

  1. Please don't use tabs for indenting, even templates.
  2. Translating half parts does not really work good for all languages. "Change your" + "password". Think of a language that goes like "change password of yours". Either make the whole sentence into a link (my vote!) or put the whole linking in the translation (look for examples around).
  3. You might want to move the request.staticdirect('/js/show_password.js') thing from the edit_acccount.html to your new change_pass.html so that people can enable password viewing while typing it. You also need the id="password" on the form field for that to work.

comment:4 by rodney757, 11 years ago

Owner: rodney757 removed
Status: in_progressreview

comment:5 by Elrond, 11 years ago

Resolution: fixed
Status: reviewclosed

Merged: d5e035e9193cb9c9faff0e8601e2908bf5285f9c

Yeah, thanks!

Note: See TracTickets for help on using tickets.