portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Vogelgesang <vog...@rumms.uni-mannheim.de>
Subject Re: UpdateAccount Save Password Bug Fix
Date Sat, 28 Apr 2001 11:06:03 GMT
Hi!
Thank you for presenting this fix!!!

There's is a very similar problem concerning the change of your firstname,
lastname and e-mail.
To persistently save this information, you can add the following lines to
UpdateAccount.java (around line 210):

Old version:
// update currently logged in information that might have changed
data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
data.getUser().setPerm(TurbineUserPeer.EMAIL, email);

New Version:
// update currently logged in information that might have changed
data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
data.getUser().setPerm( org.apache.turbine.om.security.User.FIRST_NAME,
firstname );
data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
data.getUser().setPerm( org.apache.turbine.om.security.User.LAST_NAME, lastname
);
data.getUser().setPerm(TurbineUserPeer.EMAIL, email);
data.getUser().setPerm( org.apache.turbine.om.security.User.EMAIL, email );

Perhaps you can also remove the 'old' lines. But I am not sure about it!

Greetings, Lars



"Turpin, Jay" schrieb:

> This is a resend. Seems like the mailing list was down for a while yesterday
> and I'm not sure if this was received properly.
>
> I believe I have fixed a bug in the Edit Account/UpdateAccount code.
>
> Scenario:
> * Login into Jetspeed using Turbine/Turbine.
> * Navigate to Edit Account page.
> * Change password and press Update Account.
> * Look in the database (using your favorite db browser) and verify that
> password changed.
> * Logout of Jetspeed
> * Login using new password - it will fail
> * Look in database again, password is the original one again.
>
> The problem seems to be this:
> * UpdateAccount saves the changes to the database, the TurbineUser object
> and a permanent storage HashTable in the TurbineUser Object.
> * However, the password is only saved to the database and the HashTable, not
> the TurbineUser object
> * When the user logs out, an object somewhere (no sure where) takes the data
> from the TurbineUser object and saves it to the database again, overwriting
> the new password with the old one.
>
> The fix:
> Make the following change to the
> jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actionsUpdateAccount.j
> ava file (around line 208):
>
>         // update currently logged in information that might have changed
>         data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
>         data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
>         data.getUser().setPerm(TurbineUserPeer.EMAIL, email);
>         // Old code - doesn't save password after logout
>         // if ( changepass )
>         //      data.getUser().setPerm(TurbineUserPeer.PASSWORD, password);
>
>         if ( changepass ) {
>                 data.getUser().setPerm(TurbineUserPeer.PASSWORD, password);
>                 // Save to TurbineUser object as well
>                 data.getUser().setPassword(password);
>         }
>
> Regards,
> Jay Turpin
> Intel Corporation
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

--
-------------------------------------
Lars Vogelgesang
vogelg@rumms.uni-mannheim.de
http://www.vogelgesang.xodox.de
http://www.madnotmad.de
http://www.munsters.de.st





---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message