[ 
https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14877208#comment-14877208
 ] 

Jacques Le Roux commented on OFBIZ-6635:
----------------------------------------

Backported in R12.04 at r1704067

> Old UserLogin from userLoginId-change is not correctly disabled
> ---------------------------------------------------------------
>
>                 Key: OFBIZ-6635
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6635
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming 
> Branch
>            Reporter: Martin Becker
>            Assignee: Michael Brohl
>            Priority: Critical
>             Fix For: Release Branch 13.07, Release Branch 14.12, Upcoming 
> Branch
>
>         Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch
>
>
> If a userLoginId of an existing user is updated by 
> LoginServices.updateUserLoginId, a new UserLogin value is created with the 
> data of the old one and the old one is disabled afterwards. In addition to 
> switch the enabled flag to "N" the disabledDateTime is set to current date. 
> This is wrong because this makes it possible to reenable the old UserLogin by 
> just do a login with the old userLoginId (standard mechanism to lock the 
> login for a while after subsequent failed login requests).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to