portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] [Created] (JS2-1308) New User Enabled is Never Checked
Date Sat, 20 Dec 2014 01:33:13 GMT
David Sean Taylor created JS2-1308:

             Summary: New User Enabled is Never Checked
                 Key: JS2-1308
                 URL: https://issues.apache.org/jira/browse/JS2-1308
             Project: Jetspeed 2
          Issue Type: Bug
          Components: Security
    Affects Versions: 2.2.3, 2.3.0
            Reporter: David Sean Taylor
            Assignee: David Sean Taylor
             Fix For: 2.2.3, 2.3.0

in our portal a new created user has to confirm it's password via email.
So we set the password to NOT enabled after user creation:

  User user = userManager.getUser(userName);
  PasswordCredential pwc = userManager.getPasswordCredential(user);

But the user can immediately log in, although the password is disabled.
I verified this in the database  (security_credential.IS_ENABLED = 0).

The bug seems to be in the
where isEnabled() is never checked !

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message