[horde] passwd with Horde 4

[AsdrúbalDomínguez]

Jan Schneider <jan <at> horde.org> writes:

> >>>>>
> >>>>> Hi Kareem, can you please file a bug report?
> >>>>> I am on a long weekend holiday and might forget,
> >>>>> but maybe you can patch it yourself.
> >>>>>
> >>>>> What resetCredentials basically needs to do (but doesn't) is
> >>>>>
> >>>>>  * look if the authentication backend is Horde_Auth_Application
> >>>>>  * If so, call
> >>>>>  $GLOBALS['registry']->setAuthCredential('password', $new_password,
> >>>>>
> >>>>> $appname);
> >>>>> after
> >>>>>
> >>>>>  $GLOBALS['registry']->setAuthCredential('password', $new_password);
> >>>>>
> >>>>> --
> >>>>> Ralf Lang
> >>>>> Linux Consultant / Developer
> >>>>>
> >>>>> B1 Systems GmbH
> >>>>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> >>>>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
> >>>>> --
> >>>>
> >>>> I submitted a bug report Ticket #10228. I added an additional comment
> >>>> because I tried what you suggested and IMP still did not authenticate
> >>>> with the new password. It didn't even try to log back into the IMAP
> >>>> server. Thanks for taking a look at it.
> >>>
> >>> IMP caches its password within the Horde_Imap_Client object.  It does
> >>> not use Horde credentials once a login is successful.
> >>>
> >>> Changing a password mid-session is not a good idea.  It will break
> >>> using something like imapproxy, for example.  And AFAIK, there is no
> >>> guarantee that a password changed by the passwd module will do
> >>> something like change an IMAP password - since in most cases, the IMAP
> >>> server is entirely remote to the Horde installation.  So simply
> >>> changing all current passwords in a Horde session is a Bad Idea.
> >>>
> >>
> >> It wasn't about all current passwords but only if a passwd driver  
> >> is set to be
> >> horde authentication (currently the default but after the  
> >> discussion with eric
> >> I'm thinking of flipping this around) and imp is the authentication driver.
> >> I'm not sure what would be the right behaviour in this case. Should  
> >> we force-
> >> logout the user to re-init everything on login?
> >
> > At this point, yes.  Unless we added a Registry application API call  
> > that is called when a user's credentials are changed during a session.
> 
> Which we should add then. Logging users out because they changed their  
> password is not a good practice.
> 
> Jan.
> 

Hi I'm using the passwd code too, and I got the same problem whit it . I found
that that the problem is  inside the function resetCredentials on
passwd/lib/Passwd.php, first because the call to setAuthCredential() to set the
new password is made on wrong way, we have to change from:

$GLOBALS['registry']->setAuthCredential('password', $new_password);

 to: 

$GLOBALS['registry']->setAuthCredential('password', $new_password,
$GLOBALS['session']->get('horde', 'auth/credentials'));


That's because the third parameter (The app name) on function setAuthCredential
is bad calculate on class Horde_Registry when it is not passed to if function
(because is optional), but the same parameter  on function getAuthCredential is
rigth calculated when it's missing, so it could be a bug on  setAuthCredential.

But it is not over, because the class IMP_Imap have the configuration to conect
to the IMAP server where it save the user a password and we have to reset that
configuration and pass the new password, so on function resetCredentials  we
have to add:

$imp_imap = $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create(null,
true);$imp_imap->ob=NULL;
$imp_imap->createImapObject($GLOBALS['registry']->getAuth('bare'),
$new_password, IMP_Auth::getAutoLoginServer());


And that is it.