General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

SS3.0.3 Bug? User Password not working



5 Posts   464 Views

Overt

24 January 2013 at 9:42am Community Member, 5 Posts

I'm developing a new website with SS3.0.3.
After the user registers and logs out, the second time he can't log in: he gets a wrong password notification.
Then he resets the password with the password reset link, and then he can log in successfully.
I can't find what is wrong.

Nothing super fancy, just tried to extend a Member data object. I can't fix the error even when I removed the extension.

I've found these changes in the database, Member table:
After user registers:
Real password: abc
Hashed password: $2x$10$f41adb9a2a067b443898aeBPO6oe49keA4Uq0DB1KyJg5WsLg/9nm

After user resets a password:
Real password: abc
Hashed password: $2x$10$f41adb9a2a067b443898aeNl4PC58WpWLo8jGnywRthNT8t1A7OuG

After user changes a password:
Real password: 123
Hashed password: $2x$10$f41adb9a2a067b443898aexSI39dVVhVTMGTK8o8I3agm/kuofere

After user changes a password:
Real password: abc
Hashed password: $2x$10$f41adb9a2a067b443898aeNl4PC58WpWLo8jGnywRthNT8t1A7OuG

Willr

24 January 2013 at 8:09pm Forum Moderator, 5511 Posts

If you can write a unit test to replicate the issue, post this message as a bug on open.silverstripe.org along with the code of your unit test to show the steps to reproduce. Seems to work fine for the majority of people (I would think it would create quite a stir if it was borked!)

Perhaps try 3.1.

Overt

24 January 2013 at 8:24pm Community Member, 5 Posts

I think I have figured out the problem.
It is a Dashboard plugin.

I've debugged the password encoding process and found that after registration, the user's password was encoded two times. The first time, the hash code was correct, but after the second time it was messed up.

Here are the call stacks for encryption:
First time:

/framework/security/PasswordEncryptor.php.PasswordEncryptor_Blowfish->encrypt : lineno 179() /framework/security/PasswordEncryptor.php at line 179   
/framework/security/Security.php.Security::encrypt_password : lineno 830() /framework/security/Security.php at line 830   
/framework/security/Member.php.Member->onBeforeWrite : lineno 728() /framework/security/Member.php at line 728   
/framework/model/DataObject.php.DataObject->write : lineno 1058() /framework/model/DataObject.php at line 1058   
/mysite/code/PageRegistration.php.PageRegistration_Controller->doRegister : lineno 62() /mysite/code/PageRegistration.php at line 62   
/framework/forms/Form.php.Form->httpSubmission : lineno 360() /framework/forms/Form.php at line 360   
/framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 184() /framework/control/RequestHandler.php at line 184   
/framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 204() /framework/control/RequestHandler.php at line 204   
/framework/control/Controller.php.Controller->handleRequest : lineno 153() /framework/control/Controller.php at line 153   
/cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 197() /cms/code/controllers/ContentController.php at line 197   
/cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 180() /cms/code/controllers/ContentController.php at line 180   
/cms/code/controllers/ModelAsController.php.ModelAsController->handleRequest : lineno 68() /cms/code/controllers/ModelAsController.php at line 68   
/framework/control/Director.php.Director::handleRequest : lineno 307() /framework/control/Director.php at line 307   
/framework/control/Director.php.Director::direct : lineno 119() /framework/control/Director.php at line 119   
/framework/main.php.require_once : lineno 126() /framework/main.php at line 126   
/index.php.{main} : lineno 66() /index.php at line 66   

Second time:

/framework/security/PasswordEncryptor.php.PasswordEncryptor_Blowfish->encrypt : lineno 179() /framework/security/PasswordEncryptor.php at line 179   
/framework/security/Security.php.Security::encrypt_password : lineno 830() /framework/security/Security.php at line 830   
/framework/security/Member.php.Member->onBeforeWrite : lineno 728() /framework/security/Member.php at line 728   
/framework/model/DataObject.php.DataObject->write : lineno 1058() /framework/model/DataObject.php at line 1058   
/dashboard/code/DashboardMember.php.DashboardMember->onAfterWrite : lineno 49() /dashboard/code/DashboardMember.php at line 49   
/framework/core/Object.php.Object->extend : lineno 913() /framework/core/Object.php at line 913   
/framework/model/DataObject.php.DataObject->onAfterWrite : lineno 949() /framework/model/DataObject.php at line 949   
/framework/security/Member.php.Member->onAfterWrite : lineno 755() /framework/security/Member.php at line 755   
/framework/model/DataObject.php.DataObject->write : lineno 1175() /framework/model/DataObject.php at line 1175   
/mysite/code/PageRegistration.php.PageRegistration_Controller->doRegister : lineno 62() /mysite/code/PageRegistration.php at line 62   
/framework/forms/Form.php.Form->httpSubmission : lineno 360() /framework/forms/Form.php at line 360   
/framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 184() /framework/control/RequestHandler.php at line 184   
/framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 204() /framework/control/RequestHandler.php at line 204   
/framework/control/Controller.php.Controller->handleRequest : lineno 153() /framework/control/Controller.php at line 153   
/cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 197() /cms/code/controllers/ContentController.php at line 197   
/cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 180() /cms/code/controllers/ContentController.php at line 180   
/cms/code/controllers/ModelAsController.php.ModelAsController->handleRequest : lineno 68() /cms/code/controllers/ModelAsController.php at line 68   
/framework/control/Director.php.Director::handleRequest : lineno 307() /framework/control/Director.php at line 307   
/framework/control/Director.php.Director::direct : lineno 119() /framework/control/Director.php at line 119   
/framework/main.php.require_once : lineno 126() /framework/main.php at line 126   
/index.php.{main} : lineno 66() /index.php at line 66   
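
The double encoding traced in the two call stacks above, reproduced as an added example (not code from this thread, SilverStripe or the Dashboard module). `ToyMember`, its `ready` flag and the hook are hypothetical, and the model assumes the password is still marked as changed while after-write hooks run; the second pass shows one way to stop the re-hash, which is not necessarily how the module was fixed.

```php
<?php
// Added illustration: a toy model, not SilverStripe or Dashboard module code.
// The salt is the 22-character prefix visible in the thread's hashes; the
// $2y$ variant and cost 04 are choices made for this example.
const SALT = '$2y$04$f41adb9a2a067b443898ae';

class ToyMember {
    public $password;
    public $ready = false;          // hypothetical "extension already set up" flag
    public $changed = array();
    public $afterWrite = array();   // callables standing in for extension hooks
    private $resetFirst;

    function __construct($resetFirst) { $this->resetFirst = $resetFirst; }
    function setPassword($plain) {
        $this->password = $plain;
        $this->changed['Password'] = true;
    }
    function write() {
        // Before-write step: hash the password only if it is marked changed.
        if (isset($this->changed['Password'])) {
            $this->password = crypt($this->password, SALT);
        }
        // Hardened ordering: clear the change flags before hooks can re-enter.
        if ($this->resetFirst) { $this->changed = array(); }
        foreach ($this->afterWrite as $hook) { $hook($this); }
        $this->changed = array();
    }
}

function register($resetFirst, $plain) {
    $m = new ToyMember($resetFirst);
    // After-write hook that saves the record again, once.
    $m->afterWrite[] = function ($m) {
        if (!$m->ready) { $m->ready = true; $m->write(); }
    };
    $m->setPassword($plain);
    $m->write();
    return $m->password;
}
function loginOk($stored, $plain) {
    return hash_equals($stored, crypt($plain, $stored));
}
// Diagnostic: does the stored value equal hash(hash(plain))?
function isDoubleHashed($stored, $plain) {
    return hash_equals($stored, crypt(crypt($plain, $stored), $stored));
}
foreach (array(false, true) as $resetFirst) {
    $stored = register($resetFirst, 'abc');
    printf("resetFirst=%s login=%s doubleHashed=%s\n", var_export($resetFirst, true),
        var_export(loginOk($stored, 'abc'), true), var_export(isDoubleHashed($stored, 'abc'), true));
}
```

The `isDoubleHashed` check can be pointed at a test account's stored value to confirm this failure mode before removing modules one by one.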

snel

27 January 2013 at 10:37am Community Member, 10 Posts

Thanks for posting this, helped me after 2h of searching!
Found my Unit-Tests failing: User-Authentication did not work anymore. Because I made other changes, I didn't think the Dashboard-Module was the cause. Now, after reading your post and removing the module, unit-tests work again.

Posted issue on github: https://github.com/unclecheese/silverstripe-dashboard

snel

28 January 2013 at 7:18am Community Member, 10 Posts

The issue has been resolved in the Dashboard-Module (https://github.com/unclecheese/silverstripe-dashboard/issues/17)