[Tickets #11924] Re: Add API in Horde_Registry_Application to reset credentials
noreply at bugs.horde.org
noreply at bugs.horde.org
Sun Jan 6 17:03:08 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11924
------------------------------------------------------------------------------
Ticket | 11924
Updated By | Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de>
Summary | Add API in Horde_Registry_Application to reset
| credentials
Queue | Horde Framework Packages
Version | Git master
Type | Enhancement
State | New
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Ralf Lang (B1 Systems GmbH) <lang at b1-systems.de> (2013-01-06 18:03) wrote:
> I've thought about this more and am questioning the need for an API
> to reset credentials at all.
>
> Seems to me that the passwd application should have a configuration
> option to indicate whether a successful password change should
> trigger a reset of ALL currently authenticated horde applications, a
> list of Horde applications, or none. The passwd code should then
> call Horde_Registry#clearAuth() (for the first) or
> Horde_Registry#clearAuthApp() (for the second), re-set the
> credentials in the session (Horde_Registry#setAuth()), and then rely
> on the normal application login procedure to reauthenticate to those
> applications, if needed.
I like the idea of just resetting auth and forcing the app to reauth though.
I doubt this will work, at least for IMP.
After the password is changed in the backend, I cannot call clearAuth
or clearAuthApp because it would run pushApp,
IMP_Application::_authenticated and in turn
IMP_Auth::authenticateCallback. This would use the old invalid
credentials and result in the dreaded "IMP NOT ACTIVATED" message.
Any idea how to break that is welcome.
More information about the bugs
mailing list