Mahara

Changing password when first logging in via SSO when internal login also available

Bug #1884658 reported by Robert Lyon on 2020-06-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	Robert Lyon	Mahara 20.10.0

Bug Description

When a person logs into Mahara for the first time via an external authentication (SSO) their account is not made with an internal password.

So if the institution they belong to then has internal authentication added they can switch to use internal authentication but not able to change their password via personal Settings -> Preferences page.

We need to adjust this form so that if a person never had an internal password set they can set a new one here

Tags:

Revision history for this message

Robert Lyon (robertl-9) wrote on 2020-06-22:

Talked about in https://mahara.org/interaction/forum/topic.php?id=8649

Robert Lyon (robertl-9) on 2020-06-22

Changed in mahara:
assignee:	nobody → Robert Lyon (robertl-9)
importance:	Undecided → High

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-06-23: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/11037

Revision history for this message

Robert Lyon (robertl-9) wrote on 2020-06-23:

To test:

1) Have a site where an institution has both internal and external auth (eg SAML)

2) Log in as a new user via SSO, eg SAML, so it creates the account
- check the database to see that the usr table has empty password column for the new user

3) Log in as admin and change the auth method of the new user to internal auth

4) As admin go to the Account -> Preference settings page - you should see fields for old password / new password / confirm password (3 fields) and need to full in all three to change the password

5) Log in as the user via SSO auth again and go to their Account -> Preference settings page - you should only see new password / confirm password (2 fields) and should be able to change the password by filling in the two fields and on success you should now see all three fields if you want to change it again

6) Set a new password, log out and login with the new password

Robert Lyon (robertl-9) on 2020-06-23

Changed in mahara:
milestone:	none → 20.10.0
status:	New → In Progress

Revision history for this message

Robert Lyon (robertl-9) wrote on 2020-06-25:

As mentioned on https://mahara.org/interaction/forum/topic.php?id=8649&post=34420 the patch for this does work for a community member as described

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-06-28: A change has been merged

Reviewed: https://reviews.mahara.org/11037
Committed: https://git.mahara.org/mahara/mahara/commit/55851776f4a8ca486e544a5b9816dff0b5ee4873
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 55851776f4a8ca486e544a5b9816dff0b5ee4873
Author: Robert Lyon <email address hidden>
Date: Tue Jun 23 15:05:04 2020 +1200

Bug 1884658: Allow setting of internal password if one not existing

Within the Account -> Preferences page

If they originally logged in via SSO but now have been set to internal
authentication by an administrator

Change-Id: I26262bb03795bfbf64a4a47a98f1ac54380f8388
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2020-06-28

Changed in mahara:
status:	In Progress → Fix Committed

Kristina Hoeppner (kris-hoeppner) on 2020-09-05

Changed in mahara:
importance:	High → Wishlist
tags:	added: newfeature

Robert Lyon (robertl-9) on 2020-10-22

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.