Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Trivial
-
Resolution: Fixed
-
Affects Version/s: 2.2.0
-
Fix Version/s: 2.3.0
-
Component/s: UsersStore & UsersRepository
-
Labels:None
Description
Lines 49-50 in the DefaultUsersJdbcRepository.java are reversed for the getString values.
Consequently, the class is unable to authenticate any users.
The lines are:
String passwordAlg = rsUsers.getString(2);
String passwordHash = rsUsers.getString(3);
They should be:
String passwordHash = rsUsers.getString(2);
String passwordAlg = rsUsers.getString(3);
Alternatively, the SQLResources.xml file can be changed on line 148 from:
<sql name="select">SELECT username, pwdHash, pwdAlgorithm
to:
<sql name="select">SELECT username, pwdAlgorithm, pwdHash
but this would then be out of line with the rest of the file.