Changing password when first logging in via SSO when internal login also available

Bug #1884658 reported by Robert Lyon on 2020-06-22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Robert Lyon

Bug Description

When a person logs into Mahara for the first time via an external authentication (SSO) their account is not made with an internal password.

So if the institution they belong to then has internal authentication added they can switch to use internal authentication but not able to change their password via personal Settings -> Preferences page.

We need to adjust this form so that if a person never had an internal password set they can set a new one here

Robert Lyon (robertl-9) on 2020-06-22
Changed in mahara:
assignee: nobody → Robert Lyon (robertl-9)
importance: Undecided → High
Robert Lyon (robertl-9) wrote :

To test:

1) Have a site where an institution has both internal and external auth (eg SAML)

2) Log in as a new user via SSO, eg SAML, so it creates the account
- check the database to see that the usr table has empty password column for the new user

3) Log in as admin and change the auth method of the new user to internal auth

4) As admin go to the Account -> Preference settings page - you should see fields for old password / new password / confirm password (3 fields) and need to full in all three to change the password

5) Log in as the user via SSO auth again and go to their Account -> Preference settings page - you should only see new password / confirm password (2 fields) and should be able to change the password by filling in the two fields and on success you should now see all three fields if you want to change it again

6) Set a new password, log out and login with the new password

Robert Lyon (robertl-9) on 2020-06-23
Changed in mahara:
milestone: none → 20.10.0
status: New → In Progress
Robert Lyon (robertl-9) wrote :

As mentioned on the patch for this does work for a community member as described

Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 55851776f4a8ca486e544a5b9816dff0b5ee4873
Author: Robert Lyon <email address hidden>
Date: Tue Jun 23 15:05:04 2020 +1200

Bug 1884658: Allow setting of internal password if one not existing

Within the Account -> Preferences page

If they originally logged in via SSO but now have been set to internal
authentication by an administrator

Change-Id: I26262bb03795bfbf64a4a47a98f1ac54380f8388
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2020-06-28
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
importance: High → Wishlist
tags: added: newfeature
Robert Lyon (robertl-9) on 2020-10-22
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers