Password set when claiming a Launchpad profile is not used when logging in
Bug #554153 reported by
Guilherme Salgado
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Edwin Grubbs |
Bug Description
When you claim a Launchpad profile you set a password to it, but that password will not be the one matched against what you enter on the login form. That's because the claiming happens on Launchpad (so the password is stored there) and the login happens on the Login Service, which has no access to the stored password.
If the profile was created before the DB was split, one can just go to login.lp.net and ask for a password reset using that profile's email address to make it usable. However, if the profile was created after the split, it might be possible to make it usable just by registering on login.lp.net using the same email address, but I'm not sure that'd work.
Related branches
lp:~edwin-grubbs/launchpad/bug-554153-claim-profile-bug
Merged
into
lp:launchpad
- Abel Deuring (community): Approve (code)
-
Diff: 654 lines (+56/-377)10 files modifiedlib/canonical/launchpad/browser/logintoken.py (+4/-56)
lib/canonical/launchpad/doc/logintoken-pages.txt (+9/-77)
lib/canonical/launchpad/interfaces/authtoken.py (+0/-7)
lib/canonical/launchpad/zcml/logintoken.zcml (+0/-7)
lib/lp/registry/browser/configure.zcml (+0/-6)
lib/lp/registry/browser/person.py (+22/-62)
lib/lp/registry/stories/person/xx-person-claim-merge.txt (+17/-2)
lib/lp/registry/stories/person/xx-person-claim.txt (+0/-148)
lib/lp/registry/stories/team/xx-team-claim.txt (+4/-6)
lib/lp/registry/templates/person-index.pt (+0/-6)
Changed in launchpad-registry: | |
assignee: | nobody → Edwin Grubbs (edwin-grubbs) |
Changed in launchpad-registry: | |
status: | Triaged → In Progress |
Changed in launchpad-registry: | |
status: | In Progress → Fix Committed |
tags: | added: qa-needstesting |
tags: |
added: qa-ok removed: qa-needstesting |
tags: |
added: qa-ok removed: qa-needstesting |
To post a comment you must log in.
I am not sure this is a registry issue. This looks like an authentication issue. I honestly do not understand the account and password split. I assumed Launchpad will not have account or password at all. I expect something has verified the user and called ensurePerson() to create the person's profile if it is missing.