[OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

Souvik Saha Bhowmik
Hi all,
I have built an application using the Ofbiz framework and has made
full use of the Security system..I am using the framework provided
login and logout services
In my application there is a customer side and an admin side....
I have provided the customer with a feature to change password after
logging in. In that case I find that though the new password is
updated in the Userlogin entity its not effecting the
application...Whil;e trying to log in with his new password the
customer is getting error of Incorrecvt password. But he is able to
log in with his old password. The strangest thing is that the
Userlogin entity has the new password and not the old one......is the
password also stored some where else....I have not used any
encryption....
there are more strange observations .......
When the admin tries to change the customers password the change is
effected if the user is not logged in at that moment...Even if he is
logged in he the UserLo0gin entity gets updated with new password but
it does not effect the customer's security settings. I mean later when
the customer tries to log in with his new password he fails but is
allowed the same with his old password.....
But when an admin changes the password of a customer who in not logged
in the change effects his security settings...The behaviour is as
expected...He can log in with his new password and not the old......
If I provide the customer with a feature that he canchange his
password without logging in( where he has to provide his userloginId
also) the behaviousr is as expected.....He can log in with his new
password and not his old one......

FYI I am using a minilang(simple) service to change the password and
update the UserLogin entity....It uses the "store" tag of minilang

Can someone please explain this wierd behaviour and its remedy.....any
suggerstion will be of gr8 help and I shall be highly obliged
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

Andrew Sykes
Souvik,

This may be a caching issue.

You can test this by clearing the cache in webtools after making the
change.

Kind Regards
--
Andrew Sykes <[hidden email]>
Sykes Development Ltd

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

Souvik Saha Bhowmik
thanx for ur help.....But it did not work....If u find a solution plz
do let me know....I had earlier tried by programetically clearing the
cache

On 10/18/05, Andrew Sykes <[hidden email]> wrote:

> Souvik,
>
> This may be a caching issue.
>
> You can test this by clearing the cache in webtools after making the
> change.
>
> Kind Regards
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

Andrew Sykes
Souvik,

Could it be that you are mistakenly creating a new record rather than
doing the update you think you are?

Kind Regards
--
Andrew Sykes <[hidden email]>
Sykes Development Ltd

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)

David E. Jones
In reply to this post by Souvik Saha Bhowmik

Based on this I couldn't really say what is going wrong. If you are  
using an older version of OFBiz you might be running into a cache  
problem, but I'm not aware of anything like this that is an  
outstanding issue right now.

If you can reproduce the problem in the current code base let me know  
what you did to make it happen and I'll look into it...

-David


On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:

> Hi all,
> I have built an application using the Ofbiz framework and has made
> full use of the Security system..I am using the framework provided
> login and logout services
> In my application there is a customer side and an admin side....
> I have provided the customer with a feature to change password after
> logging in. In that case I find that though the new password is
> updated in the Userlogin entity its not effecting the
> application...Whil;e trying to log in with his new password the
> customer is getting error of Incorrecvt password. But he is able to
> log in with his old password. The strangest thing is that the
> Userlogin entity has the new password and not the old one......is the
> password also stored some where else....I have not used any
> encryption....
> there are more strange observations .......
> When the admin tries to change the customers password the change is
> effected if the user is not logged in at that moment...Even if he is
> logged in he the UserLo0gin entity gets updated with new password but
> it does not effect the customer's security settings. I mean later when
> the customer tries to log in with his new password he fails but is
> allowed the same with his old password.....
> But when an admin changes the password of a customer who in not logged
> in the change effects his security settings...The behaviour is as
> expected...He can log in with his new password and not the old......
> If I provide the customer with a feature that he canchange his
> password without logging in( where he has to provide his userloginId
> also) the behaviousr is as expected.....He can log in with his new
> password and not his old one......
>
> FYI I am using a minilang(simple) service to change the password and
> update the UserLogin entity....It uses the "store" tag of minilang
>
> Can someone please explain this wierd behaviour and its remedy.....any
> suggerstion will be of gr8 help and I shall be highly obliged
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users