Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A user with a mandatory globus login can ask for a password reset (and they shouldn't). #1391

Open
prioux opened this issue May 13, 2024 · 0 comments · May be fixed by #1393
Open

A user with a mandatory globus login can ask for a password reset (and they shouldn't). #1391

prioux opened this issue May 13, 2024 · 0 comments · May be fixed by #1393
Assignees
@MontrealSergiy
Labels
Bug Priority: Normal User Interface

Comments

@prioux
Copy link
Member

prioux commented May 13, 2024

When a user account is created, the sysadmin can select to force the user to link the account with a globus identity and when the user first logs in, they will be forced to do so. Normally, this also wipes out the password and salt from the user account to make this authentication mechanism no longer available.

However, the login page's "reset password" form still works and the user can request a reset. But now, the account's 'reset_password' field will be set in the account, and the globus authentication system will enter an infinite loop when the user next tries to log in.

We should disabled the ability to reset a password once a globus link was made. The controller shoudl send a message to the users saying something like "this account requires globus to authenticate, password reset is unavailable".

There is no security issue associated with this problem, it's simply users can no longer connect.
@prioux prioux changed the title A user with a mandatory globus login can ask for a password reset. A user with a mandatory globus login can ask for a password reset (and they shouldn't). May 13, 2024
@MontrealSergiy MontrealSergiy self-assigned this May 13, 2024
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
prevent global only user to reset password aces#1391
e9abfd4
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
prevent global only user to reset password aces#1391
54c1fa5
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
prevent global only user to reset password (verbiage, spacing) aces#1391
6f79b59
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
prevent global only user to reset password (restore a line break) ace…
123566e 
…s#1391
@MontrealSergiy MontrealSergiy linked a pull request May 14, 2024 that will close this issue
Open
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
unittests for Globus password reset aces#1391
47ec6a8
MontrealSergiy added a commit to MontrealSergiy/cbrain that referenced this issue May 14, 2024
@MontrealSergiy
unittest verbiage for Globus password reset aces#1391
87a63ad
@MontrealSergiy MontrealSergiy linked a pull request May 14, 2024 that will close this issue
Block password reset for Globus confined users #1393
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MontrealSergiy MontrealSergiy

Labels
Bug Priority: Normal User Interface
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Block password reset for Globus confined users MontrealSergiy/cbrain
2 participants
@prioux @MontrealSergiy