[jbosstools-issues] [JBoss JIRA] (JBIDE-17615) When runtime download asks to reenter credentials, it will not accept them even if valid
Martin Malina (JIRA)
issues at jboss.org
Tue Aug 2 07:29:00 EDT 2016
[ https://issues.jboss.org/browse/JBIDE-17615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13273888#comment-13273888 ]
Martin Malina edited comment on JBIDE-17615 at 8/2/16 7:28 AM:
---------------------------------------------------------------
I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the credentials in Eclipse and just before the actual download starts, I changed my rh developer password. I got a pop up asking me for credentials.
!reenter-password.png!
But now I was unable to make it work even if I provided the new password. (And when I finally cancelled this and went through the dialog again, I was able to download using the new password.) Note that it's not clear from this dialog what domain I'm using, but I assume it should use the same domain that I used originally. I would argue that the account name should probably be locked down as well at this point.
was (Author: mmalina):
I was waiting for jboss.org change password page to be fixed to verify this: ORG-3476
But today I realized that I can use a Red Hat Developer account instead.
So I used a new social account that I created at developers.redhat.com using my github account. I was able to download EAP normally - that verified JBIDE-21801 is fixed.
But then I tried the scenario when I first go through the dialog and after entering the credentials in Eclipse and just before the actual download starts, I changed my rh developer password. I got a pop up asking me for credentials.
But now I was unable to make it work even if I provided the new password. (And when I finally cancelled this and went through the dialog again, I was able to download using the new password.) Note that it's not clear from this dialog what domain I'm using, but I assume it should use the same domain that I used originally. I would argue that the account name should probably be locked down as well at this point.
> When runtime download asks to reenter credentials, it will not accept them even if valid
> ----------------------------------------------------------------------------------------
>
> Key: JBIDE-17615
> URL: https://issues.jboss.org/browse/JBIDE-17615
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: server
> Affects Versions: 4.2.0.Beta2
> Environment: JBDS 8.0.0.Beta2c B130
> Reporter: Martin Malina
> Assignee: Rob Stryker
> Fix For: 4.4.1.AM3
>
> Attachments: reenter-password.png
>
>
> I was playing around JBIDE-17601 - that JIRA is about the bug that JBoss.org credentials were not validated when you went through new archetype from central -> Download & Install. So you could enter anything and it would let you carry on. But once the real download is about to start, you will get a popup to enter the credentials again (since the downloader needs the correct password). Even if you now enter the correct credentials, it will ask you 2 more times and then fail on Incorrect password.
> Yes, this will be less likely to happen once JBIDE-17601 is fixed. But I suppose that the popup is in place exactly for the situation when the password needs to be corrected, so it should work, right?
> There may still be a valid use case to hit this issue (although a very rare case):
> 1. User starts the runtime download dialog, enters correct credentials, moves to license
> 2. User changes his password on jboss.org
> 3. User carries on in the dialog to actually start the download - now he will probably be asked to correct his credentials
> So in my opinion, if we already have a mechanism to ask for credentials again, then it should work. If you say this is not needed, then why even allow the popup?
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list