Bug 384894 - User avatar is applied even if the password dialog is canceled
Summary: User avatar is applied even if the password dialog is canceled
Alias: None
Product: user-manager
Classification: Plasma
Component: kcontrol module (show other bugs)
Version: 5.16.5
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Jonathan Riddell
Depends on:
Reported: 2017-09-20 16:56 UTC by miklos
Modified: 2019-11-21 14:37 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.18


Note You need to log in before you can comment on or make changes to this bug.
Description miklos 2017-09-20 16:56:07 UTC
I change the picture, and click the apply button. I get a password prompt, I click cancel, it appears again, I click cancel, and yet in the end the user picture gets updated. Why???????????????????
Comment 1 Christoph Feck 2017-09-23 04:18:22 UTC
Please add exact steps to reproduce. From your description it is unclear if you are changing the pictures in the user account manager, or in the login manager settings.
Comment 2 miklos 2017-09-23 14:20:31 UTC
Exact steps to reproduce:
1. Start System Settings
2. Select Account Details from the Personalization category
3. Select the User Manager tab
4. Click on the picture associated with the user account
5. Select "Choose from Gallery..."
6. Choose a picture
7. Select a region of the image (optional), and click Ok
8. Click Apply in the bottom right corner
9. Get an Authentication Required prompt, click Cancel
10. Get an Authentication Required prompt, click Cancel
11. Get an Authentication Required prompt, click Cancel
12. Congratulations, your picture is changed

My questions:
1. Why does it ask for a password to change my picture?
2. Why does it change it when I don't give the password?
3. It asks for the root password, and not my (administrator) account's password. How does this work on distros where there is no root password just sudo?
4. (unrelated) What does the "Administrator" check box do? There is no documentation on any of the options in the System Settings Handbook.
Comment 3 Holger 2017-11-03 19:04:19 UTC
Also trying to change the users own login-password requires the root-password, witch is weird.
Comment 4 Patrick Silva 2017-11-17 13:29:36 UTC
I can confirm on neon dev unstable.
When I apply the new avatar, user-manager asks for my password. If I cancel the password dialog, user-manager shows the password dialog again two times and apply the new avatar even if I cancel all the three password dialogs.
Comment 5 Patrick Silva 2018-02-14 01:52:00 UTC
plasma 5.12.1 is affected.
Comment 6 13hurdw 2018-09-11 14:45:03 UTC
Experienced the same issue in neon KDE 5.13.5
Changing avatar should not ask for password.
Comment 7 postix 2019-10-07 21:48:45 UTC
Can confirm it this super annoying issue on:

Operating System: Manjaro Linux 
KDE Plasma Version: 5.16.5
KDE Frameworks Version: 5.63.0
Qt Version: 5.13.1
Comment 8 postix 2019-10-07 21:50:14 UTC
Also happens to me after I press apply to change the "full name" of my own account.
Comment 9 Patrick Silva 2019-10-07 21:54:47 UTC
(In reply to Postix from comment #8)
> Also happens to me after I press apply to change the "full name" of my own
> account.

already reported as bug 392943
Comment 10 Méven Car 2019-11-21 14:37:49 UTC
Git commit b279882ad9e4773a11c9b1e6673a1f3a133e3f8e by Méven Car.
Committed on 21/11/2019 at 14:37.
Pushed by meven into branch 'master'.

Check values have changed before setting the model

Only save data that needs to be saved and use sanitized data rather than raw text field input.
FIXED-IN: 5.18

Test Plan:
Edit Username -> have a PolicyKit password verification
Edit Avatar -> no more password verification popup

Reviewers: #plasma, ngraham, davidedmundson

Reviewed By: #plasma, ngraham, davidedmundson

Subscribers: ngraham, apol, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D25398

M  +10   -5    src/accountinfo.cpp