When the bakery module creates a new user account in the slave site to match that of the master site, it always generates a random password using the user_password() function. Then, if the user later on needs to repair their account, and it asks for their password, it always fails to work because it's validating against their LOCAL user account on the slave, not checking with the master.

This seems like a bug to me. The slave user account password should be set to a password provided by the master. Having taken a look at the code, I'm not sure of the best solution, as I'm not sure how the password from the master site would come in - would it be encrypted, as stored in the database? I would assume it probably would be. Not sure what happens when you save a new account using an already hashed password. The solution may, therefore, be trickier. Maybe submitting the repair form needs to authenticate against the master again?

Not sure of the best solution, but this definitely needs to be addressed, as currently the repair function does not work at all because of this.

Comments

fuzzy76:

FWIW, I actually like that the slave site doesn't necessarily have the user password. It allows "untrusted" slave sites sort of the same way OpenID does.
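
The failure described in the report, and the "authenticate against the master" alternative it raises, as an added Python model that is not Bakery's code and not part of this thread. The `Master` and `Slave` classes, their method names and the PBKDF2 hash are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, standing in for the CMS's stored password hash."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(password, record):
    salt, expected = record
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

class Master:
    """Hypothetical master site: the only place the real password hash lives."""
    def __init__(self):
        self.users = {}
    def register(self, name, password):
        self.users[name] = hash_password(password)
    def verify(self, name, password):
        record = self.users.get(name)
        return record is not None and check_password(password, record)

class Slave:
    """Hypothetical slave site that mirrors accounts from the master."""
    def __init__(self, master):
        self.master = master
        self.users = {}
    def create_local_account(self, name):
        # As in the report: the local password is random and shown to nobody.
        self.users[name] = hash_password(secrets.token_urlsafe(16))
    def repair_local_check(self, name, password):
        # Reported behaviour: compare against the slave's own (random) hash.
        return name in self.users and check_password(password, self.users[name])
    def repair_via_master(self, name, password):
        # Alternative from the report: the master decides, the slave stores nothing.
        return name in self.users and self.master.verify(name, password)

def demo():
    master = Master()
    master.register("alice", "correct horse")  # constructed sample credentials
    slave = Slave(master)
    slave.create_local_account("alice")
    return (slave.repair_local_check("alice", "correct horse"),
            slave.repair_via_master("alice", "correct horse"),
            slave.repair_via_master("alice", "wrong guess"))

if __name__ == "__main__":
    print(demo())
```

In the second path the slave never stores the master's hash, but it still handles the plaintext password while forwarding it, so it is weaker than a redirect-based flow of the kind the OpenID comparison implies.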