Jump to:

23478 Posts in 18941 Topics by 2878 members

General Questions

SilverStripe Forums » General Questions » SS3.0.3 Bug? User Password not working

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 449 Views
  • Overt
    Avatar
    Community Member
    5 Posts

    SS3.0.3 Bug? User Password not working Link to this post

    I'm developing a new website with SS3.0.3.
    After the User registers and logouts. Second time he can't login: gets wrong password notification.
    Then he resets password with password reset link. And then he can login successfuly.
    I can't find what is wrong.

    Nothing super fancy, just tried to extend a Member data object. I can't fix the error even when removed the extension.

    I've found such movement in database, Member table:
    After user registers:
    Real password: abc
    Hashed password: $2x$10$f41adb9a2a067b443898aeBPO6oe49keA4Uq0DB1KyJg5WsLg/9nm

    After user resets a password:
    Real password: abc
    Hashed password:
    $2x$10$f41adb9a2a067b443898aeNl4PC58WpWLo8jGnywRthNT8t1A7OuG

    After user changes a password:
    Real password: 123
    Hashed password:
    $2x$10$f41adb9a2a067b443898aexSI39dVVhVTMGTK8o8I3agm/kuofere

    After user changes a password:
    Real password: abc
    Hashed password:
    $2x$10$f41adb9a2a067b443898aeNl4PC58WpWLo8jGnywRthNT8t1A7OuG

  • Willr
    Avatar
    Forum Moderator
    5502 Posts

    Re: SS3.0.3 Bug? User Password not working Link to this post

    If you can write a unit test to replicate the issue, post this message as a bug on open.silverstripe.org along with the code of your unit test to show the steps to reproduce. Seems to work fine for the majority of people (I would think it would create quite a stir if it was borked!)

    Perhaps try 3.1.

  • Overt
    Avatar
    Community Member
    5 Posts

    Re: SS3.0.3 Bug? User Password not working Link to this post

    I think I have figured out the problem.
    It is a Dashboard plugin.

    I've debugged the password encoding process, and found, that after registration, users password was encoded two times. First time, hash code was correct, but after second time it was messed up.

    There is a Call Stacks for encryption:
    First time:

    /framework/security/PasswordEncryptor.php.PasswordEncryptor_Blowfish->encrypt : lineno 179() /framework/security/PasswordEncryptor.php at line 179   
    /framework/security/Security.php.Security::encrypt_password : lineno 830() /framework/security/Security.php at line 830   
    /framework/security/Member.php.Member->onBeforeWrite : lineno 728() /framework/security/Member.php at line 728   
    /framework/model/DataObject.php.DataObject->write : lineno 1058() /framework/model/DataObject.php at line 1058   
    /mysite/code/PageRegistration.php.PageRegistration_Controller->doRegister : lineno 62() /mysite/code/PageRegistration.php at line 62   
    /framework/forms/Form.php.Form->httpSubmission : lineno 360() /framework/forms/Form.php at line 360   
    /framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 184() /framework/control/RequestHandler.php at line 184   
    /framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 204() /framework/control/RequestHandler.php at line 204   
    /framework/control/Controller.php.Controller->handleRequest : lineno 153() /framework/control/Controller.php at line 153   
    /cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 197() /cms/code/controllers/ContentController.php at line 197   
    /cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 180() /cms/code/controllers/ContentController.php at line 180   
    /cms/code/controllers/ModelAsController.php.ModelAsController->handleRequest : lineno 68() /cms/code/controllers/ModelAsController.php at line 68   
    /framework/control/Director.php.Director::handleRequest : lineno 307() /framework/control/Director.php at line 307   
    /framework/control/Director.php.Director::direct : lineno 119() /framework/control/Director.php at line 119   
    /framework/main.php.require_once : lineno 126() /framework/main.php at line 126   
    /index.php.{main} : lineno 66() /index.php at line 66   

    Second time:

    /framework/security/PasswordEncryptor.php.PasswordEncryptor_Blowfish->encrypt : lineno 179() /framework/security/PasswordEncryptor.php at line 179   
    /framework/security/Security.php.Security::encrypt_password : lineno 830() /framework/security/Security.php at line 830   
    /framework/security/Member.php.Member->onBeforeWrite : lineno 728() /framework/security/Member.php at line 728   
    /framework/model/DataObject.php.DataObject->write : lineno 1058() /framework/model/DataObject.php at line 1058   
    /dashboard/code/DashboardMember.php.DashboardMember->onAfterWrite : lineno 49() /dashboard/code/DashboardMember.php at line 49   
    /framework/core/Object.php.Object->extend : lineno 913() /framework/core/Object.php at line 913   
    /framework/model/DataObject.php.DataObject->onAfterWrite : lineno 949() /framework/model/DataObject.php at line 949   
    /framework/security/Member.php.Member->onAfterWrite : lineno 755() /framework/security/Member.php at line 755   
    /framework/model/DataObject.php.DataObject->write : lineno 1175() /framework/model/DataObject.php at line 1175   
    /mysite/code/PageRegistration.php.PageRegistration_Controller->doRegister : lineno 62() /mysite/code/PageRegistration.php at line 62   
    /framework/forms/Form.php.Form->httpSubmission : lineno 360() /framework/forms/Form.php at line 360   
    /framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 184() /framework/control/RequestHandler.php at line 184   
    /framework/control/RequestHandler.php.RequestHandler->handleRequest : lineno 204() /framework/control/RequestHandler.php at line 204   
    /framework/control/Controller.php.Controller->handleRequest : lineno 153() /framework/control/Controller.php at line 153   
    /cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 197() /cms/code/controllers/ContentController.php at line 197   
    /cms/code/controllers/ContentController.php.ContentController->handleRequest : lineno 180() /cms/code/controllers/ContentController.php at line 180   
    /cms/code/controllers/ModelAsController.php.ModelAsController->handleRequest : lineno 68() /cms/code/controllers/ModelAsController.php at line 68   
    /framework/control/Director.php.Director::handleRequest : lineno 307() /framework/control/Director.php at line 307   
    /framework/control/Director.php.Director::direct : lineno 119() /framework/control/Director.php at line 119   
    /framework/main.php.require_once : lineno 126() /framework/main.php at line 126   
    /index.php.{main} : lineno 66() /index.php at line 66   

  • snel
    Avatar
    Community Member
    10 Posts

    Re: SS3.0.3 Bug? User Password not working Link to this post

    Thanks for posting this, helped me after 2h of searching!
    Found my Unit-Tests failing: User-Authentication did not work anymore. Because I did other changes, I didn't think, the Dashboard-Module was the cause. Now, after reading your post and removing the module, unit-tests work again.

    Posted issue on github: https://github.com/unclecheese/silverstripe-dashboard

  • snel
    Avatar
    Community Member
    10 Posts

    Re: SS3.0.3 Bug? User Password not working Link to this post

    The issue has been resolved in the Dashboard-Module (https://github.com/unclecheese/silverstripe-dashboard/issues/17)

    449 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.