portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Turpin, Jay" <jay.tur...@intel.com>
Subject UpdateAccount Save Password Bug Fix
Date Wed, 25 Apr 2001 14:59:43 GMT
This is a resend. Seems like the mailing list was down for a while yesterday
and I'm not sure if this was received properly.

I believe I have fixed a bug in the Edit Account/UpdateAccount code.

Scenario: 
* Login into Jetspeed using Turbine/Turbine. 
* Navigate to Edit Account page. 
* Change password and press Update Account. 
* Look in the database (using your favorite db browser) and verify that
password changed.
* Logout of Jetspeed
* Login using new password - it will fail
* Look in database again, password is the original one again.

The problem seems to be this:
* UpdateAccount saves the changes to the database, the TurbineUser object
and a permanent storage HashTable in the TurbineUser Object. 
* However, the password is only saved to the database and the HashTable, not
the TurbineUser object
* When the user logs out, an object somewhere (no sure where) takes the data
from the TurbineUser object and saves it to the database again, overwriting
the new password with the old one.

The fix:
Make the following change to the
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actionsUpdateAccount.j
ava file (around line 208):

	// update currently logged in information that might have changed
	data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
	data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
	data.getUser().setPerm(TurbineUserPeer.EMAIL, email);
	// Old code - doesn't save password after logout
	// if ( changepass ) 
	//	data.getUser().setPerm(TurbineUserPeer.PASSWORD, password);

	if ( changepass ) {
		data.getUser().setPerm(TurbineUserPeer.PASSWORD, password);
		// Save to TurbineUser object as well
		data.getUser().setPassword(password);
	}

Regards,
Jay Turpin
Intel Corporation


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message