[OFBIZ-6635] Old UserLogin from userLoginId-change is not correctly disabled - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: Release Branch 13.07, Release Branch 14.12, 16.11.01
Fix Version/s: Release Branch 13.07, 14.12.01
Component/s: framework
Labels:
None

Sprint:
Community Day 3 - 2015

Description

If a userLoginId of an existing user is updated by LoginServices.updateUserLoginId, a new UserLogin value is created with the data of the old one and the old one is disabled afterwards. In addition to switch the enabled flag to "N" the disabledDateTime is set to current date. This is wrong because this makes it possible to reenable the old UserLogin by just do a login with the old userLoginId (standard mechanism to lock the login for a while after subsequent failed login requests).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OFBIZ-6635-FixedDisablingOldUserLogin.patch
19/Sep/15 12:20
0.8 kB
Martin Becker

Activity

People

Assignee:: Michael Brohl

Reporter:: Martin Becker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 19/Sep/15 12:00

Updated:: 18/Jun/16 22:12

Resolved:: 19/Sep/15 16:06