Bug #79876
closedfelogin: Authentication issue, password will be rehashed after saving user data
0%
Description
If one changes something in an fe_user entry (it doesn't matter which property) the password will be rehashed and the user won't be able to login any further.
Steps to reproduce:
1. Create an fe_user, assign password (DB fe_users password: `$P$CN4GFleNMV4EWf9KDKpU1aNRdor51R.`)
2. user is able to login
3. Change First name or any other property and save it
4. have a look at the database, the password has been changed `$P$CLqlmIjC1.tEMYZLqDI1cCxgxdRbg7.`
5. the user is unable to login
6. change the password again (BE)
7. the user is able to login
Environment
- Extension rsaauth is installed
- `[FE][loginSecurityLevel] = rsa` (also tested `normal`, same issue here)
- tested on a fresh installation as well as a migrated one
One more problem:
If I disable the user, the user cannot login (password hash changed). BUT if I enter the password again (BE, edit user entry), the user is able to login even though the user is still disabled. Same counts for start- and endtime.
EDIT: The same occurs for be_users.
Files
Updated by Stephan Großberndt almost 8 years ago
- Status changed from New to Closed