starred/cypht
1
0
Fork 0
mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 13:05:53 +03:00
Code Issues 137 Projects Releases Packages Wiki Activity

[GH-ISSUE #341] Logging in after changing password leads to broken settings #293

New issue
Closed
opened 2026-02-25 21:34:40 +03:00 by kerem · 8 comments
kerem commented 2026-02-25 21:34:40 +03:00
Owner
Copy link

Originally created by @HanPrower on GitHub (Apr 26, 2019).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/341

Originally assigned to: @IrAlfred, @Baraka24 on GitHub.

🐛 Bugreport

After changing account password with php ./scripts/update_password.php username password can't login without deleting cookies. Once logged in settings of account no longer seem to be attached.

Changing the password back to what it was before allows settings to load correctly.

I see no way to change the password internally.

Version & Environment

Commit: github.com/jasonmunro/cypht@8f76381981
OS: Arch Linux (rolling)
Auth: Database (mariadb) + Redis
Environment:

PHP version	7.3.4
Zend version	3.3.4
SAPI	fpm-fcgi
Enabled Modules	core, pop3, imap, smtp, account, idle_timer, desktop_notifications, themes, nux, developer, history, saved_searches, advanced_search, profiles, inline_message, imap_folders, keyboard_shortcuts

Steps to reproduce

  1. Make account and set up some settings, save & logout
  2. Change password using php ./scripts/update_password.php username password (the password hash in the db does change)
  3. Try and login; prompted is wrong
  4. Delete cookies and login again; this time it logs in
  5. Notice any saved settings are missing (general, email servers, etc.)
  6. Use script to set password back to what it was, delete cookies and login and settings are back

I did see https://github.com/jasonmunro/cypht/issues/98, but it doesn't seem relevant to this.

Originally created by @HanPrower on GitHub (Apr 26, 2019). Original GitHub issue: https://github.com/cypht-org/cypht/issues/341 Originally assigned to: @IrAlfred, @Baraka24 on GitHub. ## 🐛 Bugreport After changing account password with` php ./scripts/update_password.php username password` can't login without deleting cookies. Once logged in settings of account no longer seem to be attached. Changing the password back to what it was before allows settings to load correctly. I see no way to change the password internally. ### Version & Environment Commit: https://github.com/jasonmunro/cypht/commit/8f76381981376fc5b045c3bda37acaa3f434bf87 OS: Arch Linux (rolling) Auth: Database (mariadb) + Redis Environment: ``` PHP version 7.3.4 Zend version 3.3.4 SAPI fpm-fcgi Enabled Modules core, pop3, imap, smtp, account, idle_timer, desktop_notifications, themes, nux, developer, history, saved_searches, advanced_search, profiles, inline_message, imap_folders, keyboard_shortcuts ``` ### Steps to reproduce 1. Make account and set up some settings, save & logout 2. Change password using `php ./scripts/update_password.php username password` (the password hash in the db does change) 3. Try and login; prompted is wrong 4. Delete cookies and login again; this time it logs in 5. Notice any saved settings are missing (general, email servers, etc.) 6. Use script to set password back to what it was, delete cookies and login and settings are back I did see https://github.com/jasonmunro/cypht/issues/98, but it doesn't seem relevant to this.
kerem closed this issue 2026-02-25 21:34:40 +03:00
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (May 6, 2019):

Hello, thanks for the feedback. A couple thoughts:

  • When using built in authentication you should have a Settings -> Password page in the main menu that allows you to change your password without losing your settings.
  • It's a known issue that changing your password externally from Cypht (including the cli script, which I sort of forgot about), causes settings to be lost. There is a recover_settings module set however that you can enable to recover those presuming the old password is still known.

We could also improve that cli script to take both the old and new password so that it can decrypt then re-encrypt settings so this does not happen when using it.

<!-- gh-comment-id:489760253 --> @jasonmunro commented on GitHub (May 6, 2019): Hello, thanks for the feedback. A couple thoughts: - When using built in authentication you should have a Settings -> Password page in the main menu that allows you to change your password without losing your settings. - It's a known issue that changing your password externally from Cypht (including the cli script, which I sort of forgot about), causes settings to be lost. There is a recover_settings module set however that you can enable to recover those presuming the old password is still known. We could also improve that cli script to take both the old and new password so that it can decrypt then re-encrypt settings so this does not happen when using it.
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@HanPrower commented on GitHub (May 7, 2019):

Hm, not sure how I missed the Settings -> Password. I swear it wasn't there before... probably just blind.

When you do use that form, however, it does throw an error. When looking at the error log it seems related to a missing translation. The password does change though.

<!-- gh-comment-id:489980492 --> @HanPrower commented on GitHub (May 7, 2019): Hm, not sure how I missed the Settings -> Password. I swear it wasn't there before... probably just blind. When you do use that form, however, it does throw an error. When looking at the error log it seems related to a missing translation. The password does change though.
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (May 7, 2019):

We log missing translations as a way to easily know what needs to be added to the translation files, but those messages are information only and will not cause bad behavior (aside from not being translated properly).

<!-- gh-comment-id:490109703 --> @jasonmunro commented on GitHub (May 7, 2019): We log missing translations as a way to easily know what needs to be added to the translation files, but those messages are information only and will not cause bad behavior (aside from not being translated properly).
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@marclaporte commented on GitHub (Feb 27, 2021):

Lost settings reminds me of https://github.com/jasonmunro/cypht/issues/349

<!-- gh-comment-id:786967681 --> @marclaporte commented on GitHub (Feb 27, 2021): Lost settings reminds me of https://github.com/jasonmunro/cypht/issues/349
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@marclaporte commented on GitHub (Mar 9, 2021):

Likely fixed by github.com/jasonmunro/cypht@0eef136450

<!-- gh-comment-id:794455812 --> @marclaporte commented on GitHub (Mar 9, 2021): Likely fixed by https://github.com/jasonmunro/cypht/commit/0eef1364503158b4ef7b058eda07ab7f9a4b63c5
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (Mar 9, 2021):

Likely fixed by 0eef136

unfortunately it will not effect that. The CLI script will need quite a bit more work to correctly maintain the settings on password change including the requirement that the old password be submitted as an argument

<!-- gh-comment-id:794567270 --> @jasonmunro commented on GitHub (Mar 9, 2021): > Likely fixed by [0eef136](https://github.com/jasonmunro/cypht/commit/0eef1364503158b4ef7b058eda07ab7f9a4b63c5) unfortunately it will not effect that. The CLI script will need quite a bit more work to correctly maintain the settings on password change including the requirement that the old password be submitted as an argument
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (Mar 10, 2021):

I am going to keep this open as it is legit - however it is not a bug as I built this as a last resort for restoring login. We can address this over time (changing passwords in the app successfully converts settings for non-emergency situations) but not hold up new releases :)

<!-- gh-comment-id:794785208 --> @jasonmunro commented on GitHub (Mar 10, 2021): I am going to keep this open as it is legit - however it is not a bug as I built this as a last resort for restoring login. We can address this over time (changing passwords in the app successfully converts settings for non-emergency situations) but not hold up new releases :)
kerem commented 2026-02-25 21:34:40 +03:00
Author
Owner
Copy link

@marclaporte commented on GitHub (May 7, 2024):

@HanPrower

Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0

<!-- gh-comment-id:2097128369 --> @marclaporte commented on GitHub (May 7, 2024): @HanPrower Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0 - https://github.com/cypht-org/cypht/releases/tag/v2.0.0 - https://github.com/cypht-org/cypht/wiki/Lifecycle
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
2.x
mta-sts-implementation
feat-compose-backspace-delete-recipients
release-2.5.1
add-tls3-support
1.4.x
enforce-coverage
release-2.4.2
strip_dns_prefetch_tags
fix_nightly_build
pr-title-validation-update
review-sent-email
revert-1339-fixed-tags-display
revert-1061-rem-cram-md5
sys-messages-revamp
revert-685-fixed-str-pos-warning-when-no-to
revert-590-empty-settings
release-1.3.0
revert-471-draft-add-warning
revert-454-feature/server-list-by-uniqid
php7.4-support
release-1.2.0
remove-mobile-media-queries
release-1.1.0
release-1.0.0
v2.7.0
v2.6.0
v2.5.1
v2.5.0
v1.4.7
v2.4.2
v2.4.1
v1.4.6
v1.4.5
v2.4.0
v2.3.0
v2.2.0
v1.4.4
v2.1.0
v2.0.1
v1.4.3
v2.0.0
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.3.0-rc3
v1.3.0-rc2
v1.3.0-rc1
v1.1.0
v1.1.0-rc4
v1.1.0-rc3
v1.1.0-rc2
v1.1.0-rc1
v1.0.0
v1.0.0-rc8
v1.0.0-rc7
v1.0.0-rc6
v1.0.0-rc5
v1.0.0-rc4
v1.0.0-rc3
v1.0.0-rc2
v1.0.0-rc1
Labels
Clear labels   
2fa

   
I18N

   
PGP

   
Security

   
Security

   
account

   
advanced_search

   
advanced_search

   
announcement

   
api_login

   
authentication

   
awaiting feedback

   
blocker

   
bug

   
bug

   
bug

   
calendar

   
config

   
contacts

   
core

   
core

   
devops

   
docker

   
docs

   
duplicate

   
dynamic_login

   
enhancement

   
epic

   
feature

   
feeds

   
framework

   
github

   
github

   
gmail_contacts

   
good first issue

   
help wanted

   
history

   
history

   
imap

   
imap_folders

   
inline_message

   
installation

   
keyboard_shortcuts

   
keyboard_shortcuts

   
ldap_contacts

   
mobile

   
need-ssh-access

   
new module set

   
nux

   
pop3

   
profiles

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
refactor

   
release

   
research

   
saved_searches

   
smtp

   
strategic

   
tags

   
tests

   
themes

   
website

   
wordpress
No labels
2fa
I18N
PGP
Security
Security
account
advanced_search
advanced_search
announcement
api_login
authentication
awaiting feedback
blocker
bug
bug
bug
calendar
config
contacts
core
core
devops
docker
docs
duplicate
dynamic_login
enhancement
epic
feature
feeds
framework
github
github
gmail_contacts
good first issue
help wanted
history
history
imap
imap_folders
inline_message
installation
keyboard_shortcuts
keyboard_shortcuts
ldap_contacts
mobile
need-ssh-access
new module set
nux
pop3
profiles
pull-request
question
refactor
release
research
saved_searches
smtp
strategic
tags
tests
themes
website
wordpress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cypht#293
No description provided.