[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#556979: marked as done (Does not verify username when resetting password)

Your message dated Thu, 19 Nov 2009 13:23:51 -0300
with message-id <4B057117.4000407@gmail.com>
and subject line Re: Bug#556979: Acknowledgement (wiki.debian.org: cannot login)
has caused the Debian Bug report #556979,
regarding Does not verify username when resetting password
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

556979: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556979
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: wiki.debian.org
Severity: important

I cannot login to the wiki, even though I changed my password (my
username exisits, and a token was sent to my e-mail, and I set a new
password). My username is fsateler.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-9-rt (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Frank Lin PIAT wrote:
On Wed, 2009-11-18 at 19:37 -0300, Felipe Sateler wrote:
Frank Lin PIAT wrote:
On Wed, 2009-11-18 at 17:52 -0300, Felipe Sateler wrote:
[..] it is wrong that it did let me change my password.
This behavior is be design: Moinmoin send your password when you request
it.  If you want to change your password, log into the wiki, then click
on settings, then Change password (!).
Actually, it sends a token which I use to change my password.

But I need to supply my username and e-mail address for that. And even though I provided the wrong username, it sent me an e-mail.

I've just checked and it's actually the behavior by design: "provide
your email address *or* username".

Do you think that this is a problem? (personally, I think it's the
sensible behavior, because people who lost their password may have
forgotten their username too)

Ah, this makes sense. I figure I misread the reset password page. Closing the bug as this was clearly a problem between computer and chair.

Felipe Sateler

--- End Message ---

Reply to: