Admin users cannot change other user's passwords via UI
Bug #1894727 reported by
Mateusz Pawlowski
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Critical
|
Adam Collard | ||
| 2.7 |
Fix Committed
|
Undecided
|
Victor Tapia | ||
| 2.8 |
Fix Released
|
Undecided
|
Adam Collard | ||
| maas-ui |
Fix Released
|
Unknown
|
|||
Bug Description
Administrator is unable to change users passwords via UI.
MAAS version: 2.7.3 (8291-g.
Steps to reproduce:
1. Login to UI
2. Create user
3. Change user's password
4. Try to login with new password
Workaround:
1. Login to CLI
2. Change password with "maas changepassword <username>" command
Related branches
~vtapia/maas:lp1894727-28
- Adam Collard (community): Approve
- MAAS Lander: Approve
-
Diff: 107 lines (+76/-1)2 files modifiedsrc/maasserver/websockets/handlers/tests/test_user.py (+60/-0)
src/maasserver/websockets/handlers/user.py (+16/-1)
~vtapia/maas:lp1894727-27
- Adam Collard (community): Approve
- MAAS Lander: Approve
-
Diff: 107 lines (+76/-1)2 files modifiedsrc/maasserver/websockets/handlers/tests/test_user.py (+60/-0)
src/maasserver/websockets/handlers/user.py (+16/-1)
~adam-collard/maas:websocket-user-change-password
- MAAS Lander: Approve
- Alberto Donato: Approve
-
Diff: 111 lines (+80/-1)2 files modifiedsrc/maasserver/websockets/handlers/tests/test_user.py (+64/-0)
src/maasserver/websockets/handlers/user.py (+16/-1)
| description: | updated |
| summary: |
- Users cannot change password + Users cannot change password via UI |
| tags: | added: sts |
| tags: | added: ui |
| Changed in maas-ui: | |
| status: | Unknown → New |
Revision history for this message
| Kit Randel (blr) wrote Re: Users cannot change password via UI | #1 |
Revision history for this message
| Bill Wear (billwear) wrote | #2 |
Revision history for this message
| Bill Wear (billwear) wrote | #3 |
| Changed in maas-ui: | |
| status: | New → Fix Released |
Revision history for this message
| Victor Tapia (vtapia) wrote | #4 |
| Changed in maas: | |
| assignee: | nobody → Adam Collard (adam-collard) |
| Changed in maas: | |
| milestone: | none → 2.9.0b7 |
| Changed in maas: | |
| status: | New → Triaged |
| Changed in maas: | |
| importance: | Undecided → Critical |
| Changed in maas: | |
| status: | Triaged → Fix Committed |
| Changed in maas-ui: | |
| status: | Fix Released → New |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
| Changed in maas-ui: | |
| status: | New → Fix Released |
| Changed in maas: | |
| milestone: | 2.9.0b7 → 2.9.0b8 |
| summary: |
- Users cannot change password via UI + Admin users cannot change other user's passwords via UI |
Revision history for this message
| Adam Collard (adam-collard) wrote | #5 |
Revision history for this message
| Victor Tapia (vtapia) wrote | #6 |
To post a comment you must log in.
I'm a little sceptical that this has ever worked. Django contrib seems to suggest that correct form for an admin changing a user's password is AdminPasswordCh
We currently dispatch a websocket request in the following form when editing a user:
{
method: "user.update"
params: {
email: "<email address hidden>"
id: 30
is_superuser: false
last_name: "test user"
password1: "test"
password2: "test"
username: "test"
request_id: 46
type: 0
}
}
"password1" and "password2" are sent, and the response does not error, but presumably these params are discarded.