
en - Re: [sympa-users] funnyness involving password resets

Subject: The mailing list for listmasters using Sympa

  • From: David Verdin <address@concealed>
  • To: Miles Fidelman <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] funnyness involving password resets
  • Date: Thu, 02 Sep 2010 10:38:53 +0200

Hi Miles,

On 31/08/2010 02:43, Miles Fidelman wrote:
> Of late, I've been having a funny problem with password resets.
>
> Two different symptoms.  In some cases, new users are getting funny looking passwords in their "welcome" message, which don't actually work.

This is probably due to customized templates in your instance. These templates were not updated after you upgraded (Sympa never changes anything in customized files in etc or expl). So they still contain placeholders for the password. As of Sympa 5.4, the passwords are stored in a non-reversible fashion (we store an MD5 hash). So the funny looking passwords your users receive are these MD5 hashes.
Until recently I blamed administrators for keeping such out-of-date templates but a user of ours pointed out that:
1- warnings about the importance of updating templates were not very visible, so they were easy to miss;
2- we still made the password available to mail templates even though it was now pointless.
So we will change the code (in the beta 7 or beta 8) to stop delivering passwords.

> Then, clicking on "lost password," and asking for a new password results in an email with a link in it.  Clicking on the link sometimes leads to a screen for entering a new password, but sometimes leads to a screen saying:
>
>      Sorry, this operation can't be performed
>
> A validation link was sent to you on 30 Aug 2010 at 20:38:18. (the validation link was requested from host 173.76.134.212)
>
>      reason
>
> The validation link has already been validated from host 173.76.134.212 .If you did not perform this validation, please report this confidentiality issue to your mail services administrator.
>
> After which, one is logged in.

One should not. If the link was not valid, then you should not be logged in after clicking it. These are one-time tickets. So as soon as they have been clicked, you can't use them anymore.
Could you please check that you did not have a valid session running prior to clicking the used link?

Apart from this, everything seems to be working as it is intended to.

Regards,

David

> Any thoughts on what might be going on, or how to track this down?
>
> Thanks,
>
> Miles Fidelman


--
David Verdin
Comité réseau des universités

Due to the limitations of human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker
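
The one-time ticket behaviour described in the reply above, as an added Python example that is not Sympa's code and not part of the original message. The class and function names are hypothetical, the store is in-memory, and the session is a plain dict standing in for the web session.

```python
import secrets
import threading
from datetime import datetime, timezone


class TicketStore:
    """In-memory one-time ticket store (hypothetical names, not Sympa's API)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._tickets = {}

    def issue(self, email, host):
        ticket = secrets.token_urlsafe(32)  # unguessable, URL-safe
        with self._lock:
            self._tickets[ticket] = {
                "email": email, "requested_from": host,
                "requested_at": datetime.now(timezone.utc),
                "used_from": None, "used_at": None,
            }
        return ticket

    def redeem(self, ticket, host):
        """Return (email, None) on first use, (None, reason) otherwise."""
        with self._lock:  # check-and-mark must be atomic
            rec = self._tickets.get(ticket)
            if rec is None:
                return None, "unknown validation link"
            if rec["used_at"] is not None:
                return None, f"already validated from host {rec['used_from']}"
            rec["used_from"] = host
            rec["used_at"] = datetime.now(timezone.utc)
            return rec["email"], None


def handle_click(store, ticket, host, session):
    """Apply a clicked link to `session` (a dict standing in for the web session)."""
    email, reason = store.redeem(ticket, host)
    if email is None:
        # Rejected link: leave the session exactly as it was.
        return f"Sorry, this operation can't be performed: {reason}"
    session["email"] = email  # only a first, valid use authenticates
    return "enter new password"
```

In this model a user who appears logged in after clicking a used link already had `session["email"]` set before the click, which is the situation the reply asks Miles to rule out.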


