Details
-
Bug
-
Resolution: Unresolved
-
High
-
None
-
2018.06
-
None
Description
Users created by the LDAP login handler have password_hash_type = 0 and password_hash is empty string. On login the standard login handler runs first. It currently doesn't recognise these users and logs an error:
Password hash type ID '0' is not recognized. Defaulting to eZUser::DEFAULT_PASSWORD_HASH.
We should accept this case without errors.
Steps to reproduce:
- Set up the LDAP login handler after the standard login handler
- Or (simpler), set up the Textfile login handler after the standard login handler
- Or (simplest), manually edit the ezuser table for a regular user and set password_hash_type = 0 and password_hash to empty string. Login won't work for this user, before or after the fix, but that's ok.
- Log in as an LDAP / textfile / manually hacked user
- Check the error.log for the message mentioned above. Expected after fix: No error message in the log.
- Manually edit another user, set password_hash_type = 42
- Log in as this user. Expected before and after fix: Login will fail, and the error message above will show in the log.