Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)--(RESOLVED PARTIALLY)
Posted by David E. Jones on Oct 20, 2005; 7:14pm
URL: http://ofbiz.116.s1.nabble.com/OFBiz-Users-Re-Users-BUG-IN-CHANGING-PASSWORD-STRANGE-OBSERVATION-RESOLVED-PARTIALLY-tp136184p136185.html
Could you file a bug report for this?
-David
On Oct 20, 2005, at 8:10 AM, Souvik Saha Bhowmik wrote:
> Hi
>
> I downloaded the new version yesterday...But it didn't solve my
> problem ..rather complicated it....I was not able to log in to my
> application through any user id and password that I created.. The user
> ids were provided with sufficient security permissions....and the
> error message was "password incorrect". though I found out the
> password existed in the userLogin entity with the corrosponding
> userLoginId...
>
> Regarding the older version(5021) I found out the cause of my
> problem....I was using the logout event of Ofbiz.....The logout
> eventually calls the LogoutWorker..which while logging out extracts
> the userLogin information from session and updates the userLogin
> entity with the hasLogged out field information.....And hence though
> the password was changed in the entity(UserLogin) it again got updated
> with the older password.This is becuse the UserLogin information in
> session had the older password. This seems to be a bug because the
> entire information should not be updated and only the hasLoggedOut
> field should be updated. Otherwise no logged in user could change his
> password. Precisely , he can change but it reverts back while logging
> out. However I used the <befor logout> tag to invoke an event which
> updates the session with the new UserLogin information. the
> changePassword feature in my case was implemented using a service and
> so I could not update the session with the new userLogin while
> changing password.....
>
> However I shall be obliged if you look into the behaviour of new Ofbiz
> that I noticed and get back to me......Its very urgent for Ofbiz
> users like us
> Thanx
> Souvik
>
> On 10/18/05, David E. Jones <[hidden email]> wrote:
>
>>
>> Based on this I couldn't really say what is going wrong. If you are
>> using an older version of OFBiz you might be running into a cache
>> problem, but I'm not aware of anything like this that is an
>> outstanding issue right now.
>>
>> If you can reproduce the problem in the current code base let me know
>> what you did to make it happen and I'll look into it...
>>
>> -David
>>
>>
>> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>>
>>
>>> Hi all,
>>> I have built an application using the Ofbiz framework and has made
>>> full use of the Security system..I am using the framework provided
>>> login and logout services
>>> In my application there is a customer side and an admin side....
>>> I have provided the customer with a feature to change password after
>>> logging in. In that case I find that though the new password is
>>> updated in the Userlogin entity its not effecting the
>>> application...Whil;e trying to log in with his new password the
>>> customer is getting error of Incorrecvt password. But he is able to
>>> log in with his old password. The strangest thing is that the
>>> Userlogin entity has the new password and not the old one......is
>>> the
>>> password also stored some where else....I have not used any
>>> encryption....
>>> there are more strange observations .......
>>> When the admin tries to change the customers password the change is
>>> effected if the user is not logged in at that moment...Even if he is
>>> logged in he the UserLo0gin entity gets updated with new password
>>> but
>>> it does not effect the customer's security settings. I mean later
>>> when
>>> the customer tries to log in with his new password he fails but is
>>> allowed the same with his old password.....
>>> But when an admin changes the password of a customer who in not
>>> logged
>>> in the change effects his security settings...The behaviour is as
>>> expected...He can log in with his new password and not the old......
>>> If I provide the customer with a feature that he canchange his
>>> password without logging in( where he has to provide his userloginId
>>> also) the behaviousr is as expected.....He can log in with his new
>>> password and not his old one......
>>>
>>> FYI I am using a minilang(simple) service to change the password and
>>> update the UserLogin entity....It uses the "store" tag of minilang
>>>
>>> Can someone please explain this wierd behaviour and its
>>> remedy.....any
>>> suggerstion will be of gr8 help and I shall be highly obliged
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
URL: http://ofbiz.116.s1.nabble.com/OFBiz-Users-Re-Users-BUG-IN-CHANGING-PASSWORD-STRANGE-OBSERVATION-RESOLVED-PARTIALLY-tp136184p136185.html
Could you file a bug report for this?
-David
On Oct 20, 2005, at 8:10 AM, Souvik Saha Bhowmik wrote:
> Hi
>
> I downloaded the new version yesterday...But it didn't solve my
> problem ..rather complicated it....I was not able to log in to my
> application through any user id and password that I created.. The user
> ids were provided with sufficient security permissions....and the
> error message was "password incorrect". though I found out the
> password existed in the userLogin entity with the corrosponding
> userLoginId...
>
> Regarding the older version(5021) I found out the cause of my
> problem....I was using the logout event of Ofbiz.....The logout
> eventually calls the LogoutWorker..which while logging out extracts
> the userLogin information from session and updates the userLogin
> entity with the hasLogged out field information.....And hence though
> the password was changed in the entity(UserLogin) it again got updated
> with the older password.This is becuse the UserLogin information in
> session had the older password. This seems to be a bug because the
> entire information should not be updated and only the hasLoggedOut
> field should be updated. Otherwise no logged in user could change his
> password. Precisely , he can change but it reverts back while logging
> out. However I used the <befor logout> tag to invoke an event which
> updates the session with the new UserLogin information. the
> changePassword feature in my case was implemented using a service and
> so I could not update the session with the new userLogin while
> changing password.....
>
> However I shall be obliged if you look into the behaviour of new Ofbiz
> that I noticed and get back to me......Its very urgent for Ofbiz
> users like us
> Thanx
> Souvik
>
> On 10/18/05, David E. Jones <[hidden email]> wrote:
>
>>
>> Based on this I couldn't really say what is going wrong. If you are
>> using an older version of OFBiz you might be running into a cache
>> problem, but I'm not aware of anything like this that is an
>> outstanding issue right now.
>>
>> If you can reproduce the problem in the current code base let me know
>> what you did to make it happen and I'll look into it...
>>
>> -David
>>
>>
>> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>>
>>
>>> Hi all,
>>> I have built an application using the Ofbiz framework and has made
>>> full use of the Security system..I am using the framework provided
>>> login and logout services
>>> In my application there is a customer side and an admin side....
>>> I have provided the customer with a feature to change password after
>>> logging in. In that case I find that though the new password is
>>> updated in the Userlogin entity its not effecting the
>>> application...Whil;e trying to log in with his new password the
>>> customer is getting error of Incorrecvt password. But he is able to
>>> log in with his old password. The strangest thing is that the
>>> Userlogin entity has the new password and not the old one......is
>>> the
>>> password also stored some where else....I have not used any
>>> encryption....
>>> there are more strange observations .......
>>> When the admin tries to change the customers password the change is
>>> effected if the user is not logged in at that moment...Even if he is
>>> logged in he the UserLo0gin entity gets updated with new password
>>> but
>>> it does not effect the customer's security settings. I mean later
>>> when
>>> the customer tries to log in with his new password he fails but is
>>> allowed the same with his old password.....
>>> But when an admin changes the password of a customer who in not
>>> logged
>>> in the change effects his security settings...The behaviour is as
>>> expected...He can log in with his new password and not the old......
>>> If I provide the customer with a feature that he canchange his
>>> password without logging in( where he has to provide his userloginId
>>> also) the behaviousr is as expected.....He can log in with his new
>>> password and not his old one......
>>>
>>> FYI I am using a minilang(simple) service to change the password and
>>> update the UserLogin entity....It uses the "store" tag of minilang
>>>
>>> Can someone please explain this wierd behaviour and its
>>> remedy.....any
>>> suggerstion will be of gr8 help and I shall be highly obliged
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.ofbiz.org/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
smime.p7s (3K) | Free forum by Nabble | Edit this page |