@wronan opened this Issue on February 11th 2016 Contributor

https://github.com/piwik/piwik/blob/master/plugins/UsersManager/Controller.php#L462

Should be:

$auth->setPassword($newPassword);

instead.

@mattab commented on February 12th 2016 Owner

Hi @wronan does it cause a bug that can be reproduced? could you describe the issue ie Steps to reproduce, Got VS Expected behavior

@wronan commented on February 12th 2016 Contributor

Steps to reproduce:

  1. log into your Piwik
  2. go for your personal settings
  3. change password to New"Pass
  4. you will get permission error, will have to reload the page manually and will land on login form

This partially fails: new password will be set in the DB, but initSession() will fail due to pass mismatch (it will pick new correct pass hash from the DB and compare it with

md5('New"Pass')
@wronan commented on February 12th 2016 Contributor

Well... to be honest, I tested it on 2.15.0 but I don't see any code changes in this controller, so I assume problem still exists.

@tsteur commented on February 12th 2016 Owner

I can confirm this.

This Issue was closed on March 2nd 2016
Powered by GitHub Issue Mirror