Opened 2 years ago
Last modified 5 weeks ago
#42766 assigned defect (bug)
Issue in update password From admin side and login ith same password
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 5.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | good-first-bug has-patch has-unit-tests |
Focuses: | ui, javascript, administration, performance | Cc: | |
PR Number: |
Description
Issue details:
-> login to admin area:
-> go to user tab
-> Click on your admin user
-> Go to password field click on generate password
-> Remove generated password
-> keep that password box empty or fill it with any number of space.
-> Click on update profile.
-> You will get a success message that your profile was successfully updated.
-> logout
-> But try using that same password or previous password you can't login.
Attachments (4)
Change History (18)
#1
follow-up:
↓ 3
@
2 years ago
- Keywords needs-patch good-first-bug added
- Owner set to adamsilverstein
- Status changed from new to assigned
#3
in reply to:
↑ 1
@
2 years ago
Thnaks for appreciation
Replying to adamsilverstein:
Hi @ronakganatra - thanks for the bug report.
I ran thru these steps in mac/chrome dev channel and was able to reproduce by entering spaces into the field. if I leave the field blank, my password is unchanged. We probably shouldn't touch the password if your new password is all spaces, and when i tried logging in with the spaces as my password, it didn't work.
#4
@
2 years ago
- Keywords needs-unit-tests added
@1naveengiri Thanks for the patch! this looks like it will resolve the issue, I will give it a test.
Did you consider checking for empty vs. trimming? i guess trimming is better, spaces at the beginning or end of passwords are likely copy/paste or user entry errors.
I'm not sure we need the error message, would users get that when submitting a blank password field? they might expect empty to indicate no change (and not an error).
Additionally, it would be good to add a unit test here validating that a blank password will not be saved.
@
2 years ago
@adamsilverstein trimming is better here, as you know spaces are not considered as empty. I have removed that error, your point seems meaningful to me here.
#6
@
2 years ago
@adamsilverstein we already have a unit test for empty password check.
https://develop.svn.wordpress.org/trunk/tests/phpunit/tests/user.php
function test_edit_user_blank_pw()
#8
@
2 years ago
- Keywords needs-testing removed
@ronakganatra thanks for testing.
@1naveengiri Ah right - thanks for tracking down the function test_edit_user_blank_pw
test, which seems like it should test for this. However, in this case we were sending not a blank password but one consisting only of spaces, right?
We can expand the unit test to catch that case so the test fails before this patch, but passes after it.
#9
@
2 years ago
I was able to reproduce the bug when entering spaces into the field. After applying the patch however I was able to log in succesfully. Although it still lets me update my profile with blank and spaces only passwords, I can only login with my original password. I also tested trimming after applying the patch and found it to work succesfully.
#10
@
23 months ago
- Keywords has-unit-tests added; needs-unit-tests removed
@adamsilverstein I added a patch containing unit test.
I am confused a little with file 42766.patch. It contains code which doesn't regard this ticket in my opinion. I didn't use the file 42766.patch for new file 42766.3.diff.
Hi @ronakganatra - thanks for the bug report.
I ran thru these steps in mac/chrome dev channel and was able to reproduce by entering spaces into the field. if I leave the field blank, my password is unchanged. We probably shouldn't touch the password if your new password is all spaces, and when i tried logging in with the spaces as my password, it didn't work.