Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • TheWolverine 6 posts 106 karma points
    Jun 27, 2018 @ 09:22
    TheWolverine
    0

    User change password in backend doesn't seem to work

    Before I log a possible bug I would like to check with you guys if I'm missing something. It appears that the 'Change password' in Umbraco 7.10.4 doesn't work. I will first explain the issue and then I will give you the settings I'm using.

    The issue

    When I change the password of a user in the Umbraco backend using the 'Change password' feature, the user cannot log into Umbraco with the new password (or the old password for that matter). When I check the development tools, I see that the API call to PostLogin returns a 400 error. When the user uses the 'forgot password' functionality and reset it's password, the user can log in successfully.

    Cause

    I'm not sure what's causing this issue, but it appears that the 'change password' function doesn't work as expected. Since the 'forgot password' function does work, I assume it's a bug.

    Info about my project

    The important things to know for context are:

    The Umbraco installation is an upgrade from Umbaco 7.4.x to 7.10.4, so legacy encoding is enabled. In the web.config, the Membership provider line looks like this:

    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="8" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" allowManuallyChangingPassword="true" maxInvalidPasswordAttempts="20" />
    

    Exact steps to reproduce

    • I create a new user and an invitation mail is sent.
    • Using the invitation link, the user sets a password and can log into Umbraco with the new password.
    • When I use the 'change password' option on the user in the backend of Umbraco and set a new password, the user cannot log into Umbraco with the new (and old) password. I see in the user database that the password was changed a new password hash and the last password changed date is updated), but for some reason this new password doesn't work.
    • When the user uses the forgot password option and uses the link in the subsequent mail to set a new password, this new password works.
  • Kyle 2 posts 73 karma points c-trib
    Jul 06, 2018 @ 16:45
    Kyle
    0

    I believe we are seeing this exact issue as well with sites we've upgraded from 7.6.4 to 7.11.0

    Anyone else seeing this?

Please Sign in or register to post replies

Write your reply to:

Draft