View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
15767 | Bug reports | User / Groups / Roles | public | 2020-01-24 11:39 | 2020-02-17 11:22 |
Reporter | pstelling | Assigned To | eddylackmann | ||
Priority | none | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Product Version | 4.0.0-RC4 | ||||
Target Version | 4.0.x | ||||
Summary | 15767: Users (super admin user) could change pw using massive action | ||||
Description | In the "User Management panel" you have the possibility to change the password of every user (including the user who is logged in) by massive action at once. In the worst case this could mean nobody could log in anymore when not getting an email. Normally an email is always sent to the users selected by massive action when using the functionality of changing passwords. But what will happen if those emails (with a randomized password) could not be sent or not be read for some reason? Nobody could ever log in again and the installation process has to be done again (losing the actual data in the db). Maybe it could be a good idea to exclude the user who is logged in and the super admin for this massive action? | ||||
Steps To Reproduce | BE CAREFUL (when reproducing it, you'll have to do the installation again). Here I'm just reporting how it happened! (1) Log in as super admin user (having a wrong/unknown email address saved) (2) Go to Manage Survey Administrator (3) Select all users in the Gridview and use the massive action "Resend login data". A random password will be saved in the database and the email with that new password will never arrive... | ||||
Tags | No tags attached. | ||||
Complete LimeSurvey version number (& build) | Version 4.0.0-RC14 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | |||||
Database & DB-Version | mysql | ||||
Server OS (if known) | |||||
Webserver software & version (if known) | |||||
PHP Version | 7.2 | ||||
> But what will happen, if those emails (with a randomized password) could not be sent or not be read for some reason? Nobody could ever log in again and installation process has to be done again (losing the actual data in the db).

3 solutions:

1. Use CLI `php application/commands/console.php resetpassword`
2. https://gitlab.com/SondagesPro/coreAndTools/ResetPasswordController
3. DB update: `UPDATE lime_users SET password = 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438 WHERE uid =1;`

See https://manual.limesurvey.org/General_FAQ#I_forgot_my_admin_password._How_do_I_reset_it.3F

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=29561

Fixed in Release 4.1.5+200217

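
An added example, not LimeSurvey's code and not the committed fix: one way to implement the exclusion the reporter suggests (skip the logged-in user and the super admin in the bulk action) and to keep the old password when the mail cannot be sent. The function name, the array layout, the mailer callback and uid 1 as the super admin are assumptions made for this illustration.

```php
<?php
// Added illustration, not LimeSurvey code; every name below is hypothetical.
// $users: uid => ['email' => ..., 'hash' => ...]; $sendMail: fn(email, password): bool.
// Safeguards: the acting user and the super admin (assumed uid 1) are never reset
// in bulk, and a new hash is stored only after the mailer reports success.
function bulkResetPasswords(array $users, array $selected, int $actorUid, callable $sendMail, int $superAdminUid = 1): array
{
    $report = [];
    foreach (array_unique(array_map('intval', $selected)) as $uid) {
        if (!isset($users[$uid])) {
            $report[$uid] = 'skipped: unknown user';
            continue;
        }
        if ($uid === $actorUid || $uid === $superAdminUid) {
            $report[$uid] = 'skipped: protected account';
            continue;
        }
        $email = $users[$uid]['email'];
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $report[$uid] = 'skipped: no usable email address';
            continue;
        }
        $password = bin2hex(random_bytes(12)); // random password from a CSPRNG
        if (!$sendMail($email, $password)) {
            $report[$uid] = 'failed: mail not sent, old password kept';
            continue;
        }
        $users[$uid]['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $report[$uid] = 'reset';
    }
    return [$users, $report];
}

// Constructed sample data: uid 1 is the super admin with an address that does not work.
$users = [
    1 => ['email' => 'unknown@invalid', 'hash' => 'old1'],
    2 => ['email' => 'alice@example.org', 'hash' => 'old2'],
    3 => ['email' => 'bob@example.org', 'hash' => 'old3'],
];
// Stub mailer for the example: sending to bob fails.
$mailer = function (string $email, string $password): bool {
    return $email !== 'bob@example.org';
};
list($users, $report) = bulkResetPasswords($users, [1, 2, 3], 1, $mailer);
print_r($report);
```

A mailer that reports success still does not prove the message was read, which is why the acting account is excluded outright rather than relying on delivery status.
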
Date Modified | Username | Field | Change |
---|---|---|---|
2020-01-24 11:39 | pstelling | New Issue | |
2020-01-24 11:39 | pstelling | Status | new => assigned |
2020-01-24 11:39 | pstelling | Assigned To | => cdorin |
2020-02-07 13:25 | eddylackmann | Assigned To | cdorin => eddylackmann |
2020-02-07 13:25 | eddylackmann | Status | assigned => testing |
2020-02-07 18:32 | DenisChenu | Note Added: 55812 | |
2020-02-14 11:47 | eddylackmann | Changeset attached | => LimeSurvey master 8eedb507 |
2020-02-14 11:47 | eddylackmann | Note Added: 56012 | |
2020-02-14 11:47 | eddylackmann | Resolution | open => fixed |
2020-02-17 10:19 | eddylackmann | Status | testing => resolved |
2020-02-17 11:22 | lime_release_bot | Note Added: 56052 | |
2020-02-17 11:22 | lime_release_bot | Status | resolved => closed |