[JBoss JIRA] (JBIDE-17615) When runtime download asks to reenter credentials, it will not accept them even if valid

Tuesday, 2 August 2016

    [
https://issues.jboss.org/browse/JBIDE-17615?page=com.atlassian.jira.plugi...
] 

Martin Malina edited comment on JBIDE-17615 at 8/2/16 7:28 AM:
---------------------------------------------------------------

I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github
account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the
credentials in Eclipse and just before the actual download starts, I changed my rh
developer password. I got a pop up asking me for credentials.

!reenter-password.png!

But now I was unable to make it work even if I provided the new password. (And when I
finally cancelled this and went through the dialog again, I was able to download using the
new password.) Note that it's not clear from this dialog what domain I'm using,
but I assume it should use the same domain that I used originally. I would argue that the
account name should probably be locked down as well at this point.

was (Author: mmalina):
I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github
account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the
credentials in Eclipse and just before the actual download starts, I changed my rh
developer password. I got a pop up asking me for credentials.

But now I was unable to make it work even if I provided the new password. (And when I
finally cancelled this and went through the dialog again, I was able to download using the
new password.) Note that it's not clear from this dialog what domain I'm using,
but I assume it should use the same domain that I used originally. I would argue that the
account name should probably be locked down as well at this point.

...
 When runtime download asks to reenter credentials, it will not accept
them even if valid
 ----------------------------------------------------------------------------------------

                 Key: JBIDE-17615
                 URL: https://issues.jboss.org/browse/JBIDE-17615
             Project: Tools (JBoss Tools)
          Issue Type: Bug
          Components: server
    Affects Versions: 4.2.0.Beta2
         Environment: JBDS 8.0.0.Beta2c B130
            Reporter: Martin Malina
            Assignee: Rob Stryker
             Fix For: 4.4.1.AM3

         Attachments: reenter-password.png

 I was playing around JBIDE-17601 - that JIRA is about the bug that JBoss.org credentials
were not validated when you went through new archetype from central -> Download &
Install. So you could enter anything and it would let you carry on. But once the real
download is about to start, you will get a popup to enter the credentials again (since the
downloader needs the correct password). Even if you now enter the correct credentials, it
will ask you 2 more times and then fail on Incorrect password.
 Yes, this will be less likely to happen once JBIDE-17601 is fixed. But I suppose that the
popup is in place exactly for the situation when the password needs to be corrected, so it
should work, right?
 There may still be a valid use case to hit this issue (although a very rare case):
 1. User starts the runtime download dialog, enters correct credentials, moves to license
 2. User changes his password on jboss.org
 3. User carries on in the dialog to actually start the download - now he will probably be
asked to correct his credentials
 So in my opinion, if we already have a mechanism to ask for credentials again, then it
should work. If you say this is not needed, then why even allow the popup? 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006