[Tickets #11924] Re: Add API in Horde_Registry_Application to reset credentials

noreply at bugs.horde.org noreply at bugs.horde.org
Sun Jan 6 17:03:08 UTC 2013


Ticket URL: http://bugs.horde.org/ticket/11924
  Ticket             | 11924
  Updated By         | Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de>
  Summary            | Add API in Horde_Registry_Application to reset
                     | credentials
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Enhancement
  State              | New
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |

Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de> (2013-01-06 18:03) wrote:

> I've thought about this more and am questioning the need for an API  
> to reset credentials at all.
> Seems to me that the passwd application should have a configuration  
> option to indicate whether a successful password change should  
> trigger a reset of ALL currently authenticated horde applications, a  
> list of Horde applications, or none.  The passwd code should then  
> call Horde_Registry#clearAuth() (for the first) or  
> Horde_Registry#clearAuthApp() (for the second), re-set the  
> credentials in the session (Horde_Registry#setAuth()), and then rely  
> on the normal application login procedure to reauthenticate to those  
> applications, if needed.

I like the idea of just resetting auth and forcing the app to reauth though.
I doubt this will work, at least for IMP.

After the password is changed in the backend, I cannot call clearAuth  
or clearAuthApp because it would run pushApp,   
IMP_Application::_authenticated and in turn  
IMP_Auth::authenticateCallback. This would use the old invalid  
credentials and result in the dreaded "IMP NOT ACTIVATED" message.

Any idea how to break that is welcome.

More information about the bugs mailing list