Martin Becker created OFBIZ-6635:
------------------------------------

             Summary: Old UserLogin from userLoginId-change is not correctly disabled
                 Key: OFBIZ-6635
                 URL: https://issues.apache.org/jira/browse/OFBIZ-6635
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: Upcoming Branch
            Reporter: Martin Becker
            Priority: Critical


If a userLoginId of an existing user is updated by 
LoginServices.updateUserLoginId, a new UserLogin value is created with the data 
of the old one and the old one is disabled afterwards. In addition to switching 
the enabled flag to "N", the disabledDateTime is set to the current date. This is 
wrong because this makes it possible to re-enable the old UserLogin by just doing a 
login with the old userLoginId (standard mechanism to lock the login for a 
while after subsequent failed login requests).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
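
The interaction described in the report, as an added, self-contained Java model (not OFBiz code): a login-time check that treats `enabled = "N"` plus a `disabledDateTime` as a temporary lock, next to a disable that leaves the timestamp unset. The class, method names, the five-minute lock window and the timestamps are assumptions made for illustration, and password verification is omitted.

```java
import java.time.Duration;
import java.time.Instant;

public class DisabledLoginModel {
    // Simplified stand-in for a UserLogin row; only the fields the report names.
    static final class UserLogin {
        final String userLoginId;
        String enabled = "Y";
        Instant disabledDateTime; // null = no temporary lock recorded
        UserLogin(String id) { this.userLoginId = id; }
    }

    // Assumed lock window after repeated failed logins (hypothetical value).
    static final Duration LOCK_WINDOW = Duration.ofMinutes(5);

    // Login-time check as the report describes it: a disabled login that has a
    // disabledDateTime counts as temporarily locked and is re-enabled once the
    // window has passed.
    static boolean loginAllowed(UserLogin ul, Instant now) {
        if ("N".equals(ul.enabled) && ul.disabledDateTime != null
                && ul.disabledDateTime.plus(LOCK_WINDOW).isBefore(now)) {
            ul.enabled = "Y";
            ul.disabledDateTime = null;
        }
        return "Y".equals(ul.enabled);
    }

    // Behaviour reported in the issue: flag set to "N" and timestamp set.
    static void disableOldLoginReported(UserLogin ul, Instant now) {
        ul.enabled = "N";
        ul.disabledDateTime = now;
    }

    // Permanent disable: no timestamp, so the lock-expiry branch never applies.
    static void disableOldLoginPermanent(UserLogin ul) {
        ul.enabled = "N";
        ul.disabledDateTime = null;
    }

    public static void main(String[] args) {
        Instant changed = Instant.parse("2020-01-01T10:00:00Z"); // constructed timestamp
        Instant later = changed.plus(Duration.ofHours(1));
        UserLogin reported = new UserLogin("old.id");   // constructed id
        disableOldLoginReported(reported, changed);
        UserLogin permanent = new UserLogin("old.id");
        disableOldLoginPermanent(permanent);
        System.out.println("reported behaviour, login allowed: " + loginAllowed(reported, later));
        System.out.println("permanent disable, login allowed: " + loginAllowed(permanent, later));
    }
}
```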
