[jbosstools-issues] [JBoss JIRA] (JBIDE-17615) When runtime download asks to reenter credentials, it will not accept them even if valid

Tue Aug 2 07:29:00 EDT 2016

    [ https://issues.jboss.org/browse/JBIDE-17615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273888#comment-13273888 ] 

Martin Malina edited comment on JBIDE-17615 at 8/2/16 7:28 AM:
---------------------------------------------------------------

I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the credentials in Eclipse and just before the actual download starts, I changed my rh developer password. I got a pop up asking me for credentials.

!reenter-password.png!

But now I was unable to make it work even if I provided the new password. (And when I finally cancelled this and went through the dialog again, I was able to download using the new password.) Note that it's not clear from this dialog what domain I'm using, but I assume it should use the same domain that I used originally. I would argue that the account name should probably be locked down as well at this point.

was (Author: mmalina):
I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the credentials in Eclipse and just before the actual download starts, I changed my rh developer password. I got a pop up asking me for credentials.

But now I was unable to make it work even if I provided the new password. (And when I finally cancelled this and went through the dialog again, I was able to download using the new password.) Note that it's not clear from this dialog what domain I'm using, but I assume it should use the same domain that I used originally. I would argue that the account name should probably be locked down as well at this point.

> When runtime download asks to reenter credentials, it will not accept them even if valid
> ----------------------------------------------------------------------------------------
>
>                 Key: JBIDE-17615
>                 URL: https://issues.jboss.org/browse/JBIDE-17615
>             Project: Tools (JBoss Tools)
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 4.2.0.Beta2
>         Environment: JBDS 8.0.0.Beta2c B130
>            Reporter: Martin Malina
>            Assignee: Rob Stryker
>             Fix For: 4.4.1.AM3
>
>         Attachments: reenter-password.png
>
>
> I was playing around JBIDE-17601 - that JIRA is about the bug that JBoss.org credentials were not validated when you went through new archetype from central -> Download & Install. So you could enter anything and it would let you carry on. But once the real download is about to start, you will get a popup to enter the credentials again (since the downloader needs the correct password). Even if you now enter the correct credentials, it will ask you 2 more times and then fail on Incorrect password.
> Yes, this will be less likely to happen once JBIDE-17601 is fixed. But I suppose that the popup is in place exactly for the situation when the password needs to be corrected, so it should work, right?
> There may still be a valid use case to hit this issue (although a very rare case):
> 1. User starts the runtime download dialog, enters correct credentials, moves to license
> 2. User changes his password on jboss.org
> 3. User carries on in the dialog to actually start the download - now he will probably be asked to correct his credentials
> So in my opinion, if we already have a mechanism to ask for credentials again, then it should work. If you say this is not needed, then why even allow the popup?

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)