
Can't access your account link should not be shown when external directories are active

      If you are managing users externally, the change password link doesn't work because Stash only reads from external directories. Changing passwords is only valid for internally managed users.

        1. change-password-stash.png (74 kB)
        2. password-reset.png (105 kB)
        3. userchangepwd.png (30 kB)

            [BSERV-4458] Can't access your account link should not be shown when external directories are active

            DI2E Licensing added a comment:

            Pierre-Etienne, in the case where a user is in an external directory, it is appropriate to show the new warning. But, under the same conditions, the user should not ALSO be presented with a form to enter their username or email. That is confusing and inconsistent.

            Pierre-Etienne Poirot (Inactive) added a comment:

            if the user's account is from an editable directory,

            (As of Stash 3.5, external directories are not 'editable' in Stash, meaning that users' accounts from those directories cannot be added, updated or deleted.)

            Pierre-Etienne Poirot (Inactive) added a comment - edited:

            After discussion with rbarnes, the thinking is it would be dangerous to provide an option to hide the link 'Can't access your account' because of the following two concerns:

            1. as of Stash 3.5, the user is already provided with sufficient information to understand why the password can or cannot be reset and what's the follow-up action he/she should perform:
              • if the user's account is from an editable directory, the user is notified that a link was sent to the account's email to reset its password;
              • if the user's account is from a read-only directory, the user is notified of why the account's password cannot be reset and that he/she could contact his/her administrator to change it;
              • if the user's account does not exist, the user is notified that the account was not found and that he/she would verify the provided account name or email;
            2. additionally, except in the rare case where all the directories are external directories, Stash has usually one editable internal directory (because it is created by default when Stash is set up). And the users in that directory (such as the administrative account created during the setup) need to be able to reset their accounts' passwords. If the 'Can't access your account' link was removed from the login page, our concern is that it would allow some (potentially critical) users to completely lock themselves out of Stash, without any means to reset their passwords.

            Based on those two concerns, the current decision (open to change) is that this issue will be closed as 'Won't fix'.

            Pierre-Etienne Poirot (Inactive) added a comment - edited:

            The current version of Stash shows the correct message when the user is from an external directory: .

            For that case, no email or link to reset the password is generated.

            Martin, SCM Support added a comment:

            We would be very happy if we had an option to turn it off. Also the Password Change button in the user profile, the user should come from an external directory!

            Ankur Mehrotra added a comment:

            Any update on this issue? When will it be resolved?
            I am also facing the same issue - we do not want to show the "Can't access your account?" URL on the login page of the Stash application, as it is very misleading.

            Scott Mace added a comment:

            Could really do with this feature in Jira 3.x.x onwards as well. It is very misleading to our customers who keep clicking on the link expecting to change their password. They are all managed by our external LDAP.

            jhinch (Atlassian) added a comment:

            I believe this is a regression in a recent version of Stash

              pepoirot Pierre-Etienne Poirot (Inactive)
              tbomfim ThiagoBomfim (Inactive)
              Affected customers: 5
              Watchers: 10
