You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Michael Brohl (JIRA)" <ji...@apache.org> on 2016/06/18 22:13:05 UTC
[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change
is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brohl updated OFBIZ-6635:
---------------------------------
Fix Version/s: (was: Upcoming Branch)
> Old UserLogin from userLoginId-change is not correctly disabled
> ---------------------------------------------------------------
>
> Key: OFBIZ-6635
> URL: https://issues.apache.org/jira/browse/OFBIZ-6635
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming Branch
> Reporter: Martin Becker
> Assignee: Michael Brohl
> Priority: Critical
> Fix For: Release Branch 13.07, 14.12.01
>
> Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch
>
>
> If a userLoginId of an existing user is updated by LoginServices.updateUserLoginId, a new UserLogin value is created with the data of the old one and the old one is disabled afterwards. In addition to switch the enabled flag to "N" the disabledDateTime is set to current date. This is wrong because this makes it possible to reenable the old UserLogin by just do a login with the old userLoginId (standard mechanism to lock the login for a while after subsequent failed login requests).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)