Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#44723] - [5.2] Fix password reset broken in backend

RTC Release Blocker bug PR-5.2-dev Pending

User tests: Successful: Unsuccessful:

avatar joomdonation
joomdonation
12 Jan 2025

Pull Request for Issue #44715

Summary of Changes

This PR fixes password reset broken as described here #44715. Further more, I improved code of checkUserRequiresReset, hopefully make it easier to understand and maintatin.

Testing Instructions

  • Follow instructions at #44715, confirm the issue
  • Apply patch, confirm that the issue is fixed
  • Check and make sure Require Password Reset works when you login from frontend, too.

Actual result BEFORE applying this Pull Request

  • Infinitive redirection when login to backend using an account which has with Require Password Reset set to Yes

Expected result AFTER applying this Pull Request

  • No Infinitive redirection anymore. You can reset password when login using that account when login to administrator area of your site

Link to documentations

Please select:

  • No documentation changes for docs.joomla.org needed
  • No documentation changes for manual.joomla.org needed

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
4.00
avatar joomdonation joomdonation - open - 12 Jan 2025
avatar joomdonation joomdonation - change - 12 Jan 2025
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 12 Jan 2025
Category Libraries
avatar joomdonation joomdonation - change - 12 Jan 2025
Title
Fix password reset broken in backend
[5.2] Fix password reset broken in backend
avatar joomdonation joomdonation - edited - 12 Jan 2025
6fe7ad0 12 Jan 2025 avatar joomdonation CS
avatar joomdonation joomdonation - change - 12 Jan 2025
Labels Added: PR-5.2-dev
avatar alikon alikon - test_item - 12 Jan 2025 - Tested successfully
avatar alikon
alikon - comment - 12 Jan 2025

I have tested this item ✅ successfully on 6fe7ad0

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44723.

avatar fgsw
fgsw - comment - 13 Jan 2025

@Eric69-dev Thanks for reporting the bug (#44715). Can you test as the Pull Request need a second successfull test?

avatar Eric69-dev
Eric69-dev - comment - 13 Jan 2025

@Eric69-dev Thanks for reporting the bug (#44715). Can you test as the Pull Request need a second successfull test?

Hi,
I tested the pull request on my local Joomla instance. This fixed the redirection issue and user can connect to the backend but he is not noticed to renew his passord if "Require Password Reset" is set to Yes.

So it's better but not completly solved in my opinion.

avatar joomdonation
joomdonation - comment - 14 Jan 2025

Hi @Eric69-dev

When user login and password reset is required, there is a system message displayed You are required to reset your password before proceeding. See the attached screenshot, so I do not understand what's the difference with the previous behavior, could you please explain more details?

message

avatar Eric69-dev
Eric69-dev - comment - 14 Jan 2025

Hi @Eric69-dev

When user login and password reset is required, there is a system message displayed You are required to reset your password before proceeding. See the attached screenshot, so I do not understand what's the difference with the previous behavior, could you please explain more details?

Hi,
With Joomla 5.2.2, the first login of users with password reset required on the backend is automatically redirected to the user profile (with the system message displayed as you mentioned) and users cannot leave the profile page until they do what is asked of them.

Like this :
image

In my opinion, this behavior was good in terms of security because it forced users to immediately customize their passwords.

With version 5.2.3, this mandatory redirection is no longer active and, despite the system message, users who do not reset their password appear with the mention "Password reset required" in the user manager.

avatar joomdonation
joomdonation - comment - 14 Jan 2025

@Eric69-dev Isn't it works the same with the change implemented in this PR:

  • User is being redirected to the edit account page with the message You are required to reset your password before proceeding ask him to make the change
  • He/She cannot navigate to different page without making change

So unless I misunderstood your message, it is working as expected for me.

avatar Eric69-dev
Eric69-dev - comment - 14 Jan 2025

I re-applied the PR on a fresh install of Joomla 5.2.3 and indeed the expected behavior works correctly.
My previous test instance must be a bit crappy...

Sorry for my mistake and I confirm that the problem is solved.
Thanks Joomla Team!

avatar alikon
alikon - comment - 14 Jan 2025

@Eric69-dev please mark your successfull test at https://issues.joomla.org/tracker/joomla-cms/44723

avatar Eric69-dev Eric69-dev - test_item - 14 Jan 2025 - Tested successfully
avatar Eric69-dev
Eric69-dev - comment - 14 Jan 2025

I have tested this item ✅ successfully on 6fe7ad0

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44723.

avatar alikon alikon - change - 14 Jan 2025
Status Pending Ready to Commit
avatar alikon
alikon - comment - 14 Jan 2025

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/44723.

avatar joomdonation joomdonation - change - 16 Jan 2025
Labels Added: RTC Release Blocker
avatar Hackwar Hackwar - change - 18 Jan 2025
Labels Added: bug
avatar Hackwar Hackwar - change - 18 Jan 2025
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2025-01-18 10:39:32
Closed_By Hackwar
avatar Hackwar Hackwar - close - 18 Jan 2025
avatar Hackwar Hackwar - merge - 18 Jan 2025
avatar Hackwar
Hackwar - comment - 18 Jan 2025

Thank you!

avatar joomdonation
joomdonation - comment - 18 Jan 2025

Thanks all !

Add a Comment

Login with GitHub to post a comment