[
https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Brohl updated OFBIZ-6635:
---------------------------------
Fix Version/s: (was: Release Branch 14.12)
14.12.01
> Old UserLogin from userLoginId-change is not correctly disabled
> ---------------------------------------------------------------
>
> Key: OFBIZ-6635
> URL: https://issues.apache.org/jira/browse/OFBIZ-6635
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming
> Branch
> Reporter: Martin Becker
> Assignee: Michael Brohl
> Priority: Critical
> Fix For: Release Branch 13.07, 14.12.01, Upcoming Branch
>
> Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch
>
>
> If a userLoginId of an existing user is updated by
> LoginServices.updateUserLoginId, a new UserLogin value is created with the
> data of the old one and the old one is disabled afterwards. In addition to
> switch the enabled flag to "N" the disabledDateTime is set to current date.
> This is wrong because this makes it possible to reenable the old UserLogin by
> just do a login with the old userLoginId (standard mechanism to lock the
> login for a while after subsequent failed login requests).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
