Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-3424

Disable "Change password" field from admin and user page when delegated authentication is used

      If the user was created using the delegated LDAP authentication, in the admin page (admin/users/view?name=USERNAME ) the change password field should be disabled and the user shouldn't even be
      presented with the option of changing his/her password in the user page (Manage account/change password).
      Users are also prompted to reset their password through Stash if their account is expired.

        1. Admin_page.PNG
          Admin_page.PNG
          53 kB
        2. User_page.PNG
          User_page.PNG
          31 kB

            [BSERV-3424] Disable "Change password" field from admin and user page when delegated authentication is used

            Peter Koczan (Inactive) added a comment - - edited

            As a workaround for earlier version, if you want to remove the change password tab for your users entirely (meaning this will affect all your users, regardless to which directory they are authenticated against), you can follow these instructions:

            You will need to modify the <STASH-INSTALL>/atlassian-stash/WEB-INF/classes/stash-plugins/server-web-fragments.xml and uncomment the section that displays the web fragment for the password change tab on the screen. So essentially remove/uncomment this section:

                <web-item key="account-password-section" name="Change Password tab web item" weight="20" section="stash.user.account.nav">
                    <label key="stash.web.user.account.tabs.changepassword"/>
                    <link>${navBuilder.account().password().buildRelNoContext()}</link>
                </web-item>

            If you want to remove the tab from the administrator screen too, you need to edit the file <STASH-INSTALL>/atlassian-stash/static/page/admin/users/useredit.soy, removing the following:

                                                {call stash.buttons.button}
                                                        {param buttonText: getText('stash.web.user.changepassword.button') /}
                                                        {{param title: getText('stash.web.user.changepassword.title', $user.displayName) /}}
                                                        {param id: 'update-password-user' /}
                                                    {/call}

            After this restart of Stash is required for the changes to be effective. If the changes are not visible, you may need to empty the contents of <STASH-INSTALL>/work and <STASH-INSTALL>/temp while Stash is not running.

            Peter Koczan (Inactive) added a comment - - edited As a workaround for earlier version, if you want to remove the change password tab for your users entirely (meaning this will affect all your users, regardless to which directory they are authenticated against), you can follow these instructions: You will need to modify the <STASH-INSTALL>/atlassian-stash/WEB-INF/classes/stash-plugins/server-web-fragments.xml and uncomment the section that displays the web fragment for the password change tab on the screen. So essentially remove/uncomment this section: <web-item key= "account-password-section" name= "Change Password tab web item" weight= "20" section= "stash.user.account.nav" > <label key= "stash.web.user.account.tabs.changepassword" /> <link> ${navBuilder.account().password().buildRelNoContext()} </link> </web-item> If you want to remove the tab from the administrator screen too, you need to edit the file <STASH-INSTALL>/atlassian-stash/static/page/admin/users/useredit.soy , removing the following: {call stash.buttons.button} {param buttonText: getText('stash.web.user.changepassword.button') /} {{param title: getText('stash.web.user.changepassword.title', $user.displayName) /}} {param id: 'update-password-user' /} {/call} After this restart of Stash is required for the changes to be effective. If the changes are not visible, you may need to empty the contents of <STASH-INSTALL>/work and <STASH-INSTALL>/temp while Stash is not running.

            A fix for this issue will be included in Stash 3.7 (rather than Stash 3.6, the version that should be released this week).

            Pierre-Etienne Poirot (Inactive) added a comment - A fix for this issue will be included in Stash 3.7 (rather than Stash 3.6, the version that should be released this week).

            Atlassian should be embarrassed by the fact that this defect has been known for over a year and does nothing to fix it - leaving administrators like to explain to people in our companies that the software is defective / inadequate.

            Craig White added a comment - Atlassian should be embarrassed by the fact that this defect has been known for over a year and does nothing to fix it - leaving administrators like to explain to people in our companies that the software is defective / inadequate.

            It would be nice if we could change the URL to link to our external password management system, much like Jira and Confluence.

            Stephen Smith added a comment - It would be nice if we could change the URL to link to our external password management system, much like Jira and Confluence.

            Martin K added a comment -

            What is the status here?
            Thanks
            Martin

            Martin K added a comment - What is the status here? Thanks Martin

            MattS added a comment -

            This isn't minor for all the Stash admins who have users try to do this. JIRA, Confluence etc have an External User Management option, and Stash really needs something like that

            MattS added a comment - This isn't minor for all the Stash admins who have users try to do this. JIRA, Confluence etc have an External User Management option, and Stash really needs something like that

              pepoirot Pierre-Etienne Poirot (Inactive)
              athaha AsmathA
              Affected customers:
              15 This affects my team
              Watchers:
              17 Start watching this issue

                Created:
                Updated:
                Resolved: