Ticket #265 (new defect)

Opened 3 years ago

Last modified 3 years ago

Password confirmation

Reported by: gsferreira@tap.pt
Assigned to: developer
Priority: high
Milestone:
Component: Instiki
Version: 0.9.2
Severity: major
Keywords: Password
Cc:

Description

When editing a web - specifically while setting a password for view allowance - the password is not confirmed correctly:

If the first password field is 'test' and the second one 'testx', the password is set as 'test', which is incorrect, as it should warn the user that the passwords don't match.

Change History

11/24/05 11:50:14 changed by gsferreira@tap.pt

I've tracked down the problem...

/views/admin/edit_web.rhtml sends, among others, two variables, 'password' and 'password_check', to /app/controllers/admin_controller.rb.

To correct this, you need to edit the function edit_web in /app/controllers/admin_controller.rb (added code is marked with #!!!!):


def edit_web
  system_password = @params['system_password']
  if system_password
    # form submitted
    if wiki.authenticate(system_password)

      if @params['password'] != @params['password_check'] #!!!!

        begin
          wiki.edit_web(
            @web.address, @params['address'], @params['name'], 
            @params['markup'].intern, 
            @params['color'], @params['additional_style'], 
            @params['safe_mode'] ? true : false, 
            @params['password'].empty? ? nil : @params['password'],
            @params['published'] ? true : false, 
            @params['brackets_only'] ? true : false,
            @params['count_pages'] ? true : false,
            @params['allow_uploads'] ? true : false,
            @params['max_upload_size']
          )
          flash[:info] = "Web '#{@params['address']}' was successfully updated"
          redirect_home(@params['address'])
        rescue Instiki::ValidationError => e
          @error = e.message
          # and re-render the same template again
        end

      else #!!!!
        #!!!!!!! show some kind of error
      end  #!!!!

    else
      @error = password_error(system_password)
      # and re-render the same template again
    end
  else
    # no form submitted - go to template
  end
end

I don't know Ruby, so I don't know if the above is the correct way to compare strings, but this is just to pinpoint the bug.

11/24/05 11:52:34 changed by gsferreira@tap.pt

Sorry, where there is:

if @params['password'] != @params['password_check'] #!!!!

should be:

if @params['password'] == @params['password_check'] #!!!!

Again, only if this is the correct way to compare strings...
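
The confirmation check discussed in this ticket, written as a stand-alone Ruby helper. This is an added example, not Instiki code and not the reporter's patch; the names `confirmed_web_password`, `PasswordConfirmationError` and `try_submission` are hypothetical. Ruby's `==` on strings compares their contents, so it is a correct way to test the two form fields for equality.

```ruby
# Added illustration; not part of Instiki. All names below are hypothetical.
class PasswordConfirmationError < StandardError; end

# Takes the submitted form parameters and returns the password to store
# (nil means "no password on this web", as in the ticket's
# `@params['password'].empty? ? nil : @params['password']`).
# Raises PasswordConfirmationError when the two fields disagree.
def confirmed_web_password(params)
  # A field missing from the request arrives as nil. Normalising it to ""
  # means a request that omits 'password_check' still goes through the
  # comparison instead of raising NoMethodError or skipping the check.
  password = params['password'].to_s
  check    = params['password_check'].to_s

  unless password == check
    raise PasswordConfirmationError, 'Password and confirmation do not match'
  end

  password.empty? ? nil : password
end

# Mirrors the controller flow: on a mismatch nothing is saved and the error
# message is handed back for re-rendering the form.
def try_submission(params)
  [:ok, confirmed_web_password(params)]
rescue PasswordConfirmationError => e
  [:error, e.message]
end

# Constructed sample submissions (not taken from the ticket's server logs).
SAMPLES = {
  'matching fields'       => { 'password' => 'test', 'password_check' => 'test' },
  'ticket case'           => { 'password' => 'test', 'password_check' => 'testx' },
  'both empty'            => { 'password' => '',     'password_check' => '' },
  'confirmation omitted'  => { 'password' => 'test' }
}.freeze

SAMPLES.each do |label, params|
  puts "#{label}: #{try_submission(params).inspect}"
end
```
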