Hi Jacques,
I think my previous message wasn't clear.
With the previous patch that I sent, when you ask for forgotPassword,
the email contains :
* With OfbizUrlTransform :
* ask from ecommerce webapp : <a
href='https://localhost:8443/ecommerce/control/changePassword?....'>
* ask from partymgr webapp : <a
href='https://localhost:8443/partymgr/control/changePassword?....'>
* With UrlRegexpTransform :
* ask from ecommerce webapp : <a href='changePassword?....'>
* ask from partymgr webapp : <a href='changePassword?....'>
So with UrlRegexpTransform I loose the possibility offert by wesite to
build a correct dynamic link.
I'm sure UrlRegexpTransform have good reason to exists, and maybe we
need to improve it to replace completely OfbizUrlTransform
Nicolas
On 10/1/19 1:41 PM, Jacques Le Roux wrote:
Le 01/10/2019 à 13:33, Jacques Le Roux a écrit :
Le 01/10/2019 à 13:20, Jacques Le Roux a écrit :
Le 01/10/2019 à 12:46, Nicolas Malin a écrit :
To test, you can check with this patch
Actually it worked as is (trunk HEAD) locally w/o this patch. So
what's the problem?
It was from webtools.
It also works from ecommerce, apart that the email is in English there.
From product and party I get this error when clicking on the email link:
2019-10-01 13:28:36,704 |jsse-nio-8443-exec-1
|LoginWorker |E| Current Password Decryption failed
org.apache.ofbiz.entity.EntityCryptoException:
org.apache.ofbiz.entity.EntityCryptoException:
key(login.secret_key_string) not found in database
(key(login.secret_key_string) not found in database)
Is that the pb you have? Ie it works only from webtools because of
using OfbizUrlTransform instead of UrlRegexpTransform ?
Hi Nicolas,
BTW, despite this message in log I'm still able to change the password
@All, I guess because anyway OOTB a real value for
login.secret_key_string is not needed, you can refer to[1] for more
about that
[1]
https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
HTH
Jacques
