Posted by
Souvik Saha Bhowmik on
Oct 20, 2005; 3:10pm
URL: http://ofbiz.116.s1.nabble.com/OFBiz-Users-Re-Users-BUG-IN-CHANGING-PASSWORD-STRANGE-OBSERVATION-RESOLVED-PARTIALLY-tp136184.html
Hi
I downloaded the new version yesterday...But it didn't solve my
problem ..rather complicated it....I was not able to log in to my
application through any user id and password that I created.. The user
ids were provided with sufficient security permissions....and the
error message was "password incorrect". though I found out the
password existed in the userLogin entity with the corrosponding
userLoginId...
Regarding the older version(5021) I found out the cause of my
problem....I was using the logout event of Ofbiz.....The logout
eventually calls the LogoutWorker..which while logging out extracts
the userLogin information from session and updates the userLogin
entity with the hasLogged out field information.....And hence though
the password was changed in the entity(UserLogin) it again got updated
with the older password.This is becuse the UserLogin information in
session had the older password. This seems to be a bug because the
entire information should not be updated and only the hasLoggedOut
field should be updated. Otherwise no logged in user could change his
password. Precisely , he can change but it reverts back while logging
out. However I used the <befor logout> tag to invoke an event which
updates the session with the new UserLogin information. the
changePassword feature in my case was implemented using a service and
so I could not update the session with the new userLogin while
changing password.....
However I shall be obliged if you look into the behaviour of new Ofbiz
that I noticed and get back to me......Its very urgent for Ofbiz
users like us
Thanx
Souvik
On 10/18/05, David E. Jones <
[hidden email]> wrote:
>
> Based on this I couldn't really say what is going wrong. If you are
> using an older version of OFBiz you might be running into a cache
> problem, but I'm not aware of anything like this that is an
> outstanding issue right now.
>
> If you can reproduce the problem in the current code base let me know
> what you did to make it happen and I'll look into it...
>
> -David
>
>
> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>
> > Hi all,
> > I have built an application using the Ofbiz framework and has made
> > full use of the Security system..I am using the framework provided
> > login and logout services
> > In my application there is a customer side and an admin side....
> > I have provided the customer with a feature to change password after
> > logging in. In that case I find that though the new password is
> > updated in the Userlogin entity its not effecting the
> > application...Whil;e trying to log in with his new password the
> > customer is getting error of Incorrecvt password. But he is able to
> > log in with his old password. The strangest thing is that the
> > Userlogin entity has the new password and not the old one......is the
> > password also stored some where else....I have not used any
> > encryption....
> > there are more strange observations .......
> > When the admin tries to change the customers password the change is
> > effected if the user is not logged in at that moment...Even if he is
> > logged in he the UserLo0gin entity gets updated with new password but
> > it does not effect the customer's security settings. I mean later when
> > the customer tries to log in with his new password he fails but is
> > allowed the same with his old password.....
> > But when an admin changes the password of a customer who in not logged
> > in the change effects his security settings...The behaviour is as
> > expected...He can log in with his new password and not the old......
> > If I provide the customer with a feature that he canchange his
> > password without logging in( where he has to provide his userloginId
> > also) the behaviousr is as expected.....He can log in with his new
> > password and not his old one......
> >
> > FYI I am using a minilang(simple) service to change the password and
> > update the UserLogin entity....It uses the "store" tag of minilang
> >
> > Can someone please explain this wierd behaviour and its remedy.....any
> > suggerstion will be of gr8 help and I shall be highly obliged
> >
> > _______________________________________________
> > Users mailing list
> >
[hidden email]
> >
http://lists.ofbiz.org/mailman/listinfo/users> >
>
>
> _______________________________________________
> Users mailing list
>
[hidden email]
>
http://lists.ofbiz.org/mailman/listinfo/users>
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users