mahara-contributors team mailing list archive

Thread
Date

[Bug 799594] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <799594@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Aug 2011 00:18:40 -0000
Reply-to: Bug 799594 <799594@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/568
Committed: http://gitorious.org/mahara/mahara/commit/62842915d21e6b4b39e0aa78d60c2ae84fb30d63
Submitter: Hugh Davenport (hugh@xxxxxxxxxxxxxxx)
Branch:    master

commit 62842915d21e6b4b39e0aa78d60c2ae84fb30d63
Author: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>
Date:   Tue Aug 9 12:25:49 2011 +1200

    Send password in cleartext in Leap2a new account emails
    
    Moving password encryption into create_user() (bug #799594) broke
    new account emails for new Leap2a imported users, because Leap2a
    users are reloaded from the database before the email is sent.
    
    Change-Id: I9b9e65b0cd92261b1b81179a3828ee644fb82785
    Signed-off-by: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/799594

Title:
  Ensure all new users without passwords have salt set

Status in Mahara ePortfolio:
  Fix Committed

Bug description:
  When an admin creates a new user on the site, we always ensure that
  the user is created with random salt, and either has an empty password
  or their password encrypted with the salt, depending on the auth
  method.

  To make sure this is true for new users created by other methods
  (registration, xmlrpc), we can move the function to encrypt the
  password into the create_user() function and avoid some duplication.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/799594/+subscriptions

References

[Bug 799594] [NEW] Ensure all new users without passwords have salt set
From: Richard Mansfield, 2011-06-20