[Tickets #10704] Re: Password is not updated in session

bugs at horde.org bugs at horde.org
Tue Dec 20 20:05:10 UTC 2011 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/10704
------------------------------------------------------------------------------
  Ticket             | 10704
  Updated By         | azurit at pobox.sk
  Summary            | Password is not updated in session
  Queue              | Passwd
  Version            | 4.0
  Type               | Bug
  State              | Duplicate
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


azurit at pobox.sk (2011-12-20 20:05) wrote:

Can this be reopened?

I started to digging deeper into this and i found out something
interesting. When password is changed it is reseted in cache via
resetCredentials function. This function is reseting password stored
in memory (in session). Problem is that password from session is NEVER
used for logging into IMAP server.

Login to IMAP is done via Horde_Imap_Client which takes login and
password as argument (in $params) and these values are set ONLY in
constructor (this is done by Horde/IMP in createImapObject function
called in Auth.php). Problem is that IMAP object is initialized only
ONCE per IMAP login in our installation - so, when password changes,
it is correctly updated in session but gets NEVER updated in IMAP
object. I was doing some debug logging inside Horde and Horde/IMP and
it is really like this, constructor for Horde_Imap_Client is called
only once per login, the IMAP object is probably serialized and cached
somewhere.

Sending patch which works for me:

File: passwd/lib/Passwd.php
Function (at the end of file): resetCredentials
Code (i added 3 lines which starts by '$imp_imap'):

      static public function resetCredentials($old_password, $new_password)
      {
          if ($GLOBALS['registry']->getAuthCredential('password') ==  
$old_password) {
              $GLOBALS['registry']->setAuthCredential('password',  
$new_password);

              $imp_imap =  
$GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create();
              $imp_imap->ob = NULL;
               
$imp_imap->createImapObject($GLOBALS['registry']->getAuth(),  
$new_password, IMP_Auth::getAutoLoginServer());
          }
      }

More information about the bugs mailing list