Posted to dev@ofbiz.apache.org by "Sumit Pandit (JIRA)" <ji...@apache.org> on 2013/06/03 04:51:19 UTC

[jira] [Commented] (OFBIZ-5176) Some enhancement to password change.

    [ https://issues.apache.org/jira/browse/OFBIZ-5176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13672772#comment-13672772 ] 

Sumit Pandit commented on OFBIZ-5176:
-------------------------------------

Hi Leon,
While testing some other patches, I went through the changes made in the current patch.

It is about the following changed lines in LoginWorker.java:
{code}
@@ -451,7 +452,7 @@
 
             // check to see if a password change is required for the user
             Map<String, Object> userLoginSession = checkMap(result.get("userLoginSession"), String.class, Object.class);
-            if (userLogin != null && "Y".equals(userLogin.getString("requirePasswordChange"))) {
+            if (userLogin != null && requirePasswordChange) {
                 return "requirePasswordChange";
             }
             String autoChangePassword = UtilProperties.getPropertyValue("security.properties", "user.auto.change.password.enable", "false");
@@ -478,7 +479,7 @@

{code}
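
Review bot: On the `+` line, the condition now depends on a local `requirePasswordChange` boolean whose assignment is outside this hunk, so nothing visible here guarantees that it still reflects `userLogin.getString("requirePasswordChange")`. If that variable is computed before `userLogin` is populated, or only on some paths, a user flagged `Y` falls through past `return "requirePasswordChange";` and completes login, which matches the behavior reported in this comment. Suggest either keeping the entity check in the condition, for example `if (userLogin != null && (requirePasswordChange || "Y".equals(userLogin.getString("requirePasswordChange"))))`, or showing where the boolean is set and adding a test that logs in with the flag set to Y and expects the `requirePasswordChange` response.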

I observed the following impact on the system:
- This block was used to check whether the user is required to go through the change-password process if the "requiredPassword" flag has been set in the UserLogin entity. If so, the user should be redirected to the Change Password screen.
- Due to the current changes, the user logs in successfully and is able to go to any screen, even though UserLogin.requirePasswordChange=Y.

Thanks in advance for re-looking at it.
                
> Some enhancement to password change.
> ------------------------------------
>
>                 Key: OFBIZ-5176
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5176
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Leon
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: SVN trunk
>
>         Attachments: OFBIZ-5176.patch, OFBIZ-5176_SecurityextUiLabels.patch
>
>
> 1. Make "password must be different from last passwords" function work. (--// FIXME: switching to salt-based hashing breaks this history lookup below)
> 2. When an error occurs, return "requirePasswordChange" instead of "error". Then the "password change" form will not be redirected to the "login" form if there's any kind of "error".
> 3. Fix one "deprecated" findByAnd call.
> 4. Return the "error" message instead of "event" message when password expires.
