[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-6635: - Fix Version/s: (was: Upcoming Branch) > Old UserLogin from userLoginId-change is not correctly disabled > --- > > Key: OFBIZ-6635 > URL: https://issues.apache.org/jira/browse/OFBIZ-6635 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming > Branch >Reporter: Martin Becker >Assignee: Michael Brohl >Priority: Critical > Fix For: Release Branch 13.07, 14.12.01 > > Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch > > > If a userLoginId of an existing user is updated by > LoginServices.updateUserLoginId, a new UserLogin value is created with the > data of the old one and the old one is disabled afterwards. In addition to > switch the enabled flag to "N" the disabledDateTime is set to current date. > This is wrong because this makes it possible to reenable the old UserLogin by > just do a login with the old userLoginId (standard mechanism to lock the > login for a while after subsequent failed login requests). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Becker updated OFBIZ-6635: - Sprint: Community Day 3 - 2015 > Old UserLogin from userLoginId-change is not correctly disabled > --- > > Key: OFBIZ-6635 > URL: https://issues.apache.org/jira/browse/OFBIZ-6635 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Upcoming Branch >Reporter: Martin Becker >Priority: Critical > > If a userLoginId of an existing user is updated by > LoginServices.updateUserLoginId, a new UserLogin value is created with the > data of the old one and the old one is disabled afterwards. In addition to > switch the enabled flag to "N" the disabledDateTime is set to current date. > This is wrong because this makes it possible to reenable the old UserLogin by > just do a login with the old userLoginId (standard mechanism to lock the > login for a while after subsequent failed login requests). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Becker updated OFBIZ-6635: - Attachment: OFBIZ-6635-FixedDisablingOldUserLogin.patch > Old UserLogin from userLoginId-change is not correctly disabled > --- > > Key: OFBIZ-6635 > URL: https://issues.apache.org/jira/browse/OFBIZ-6635 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Upcoming Branch >Reporter: Martin Becker >Priority: Critical > Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch > > > If a userLoginId of an existing user is updated by > LoginServices.updateUserLoginId, a new UserLogin value is created with the > data of the old one and the old one is disabled afterwards. In addition to > switch the enabled flag to "N" the disabledDateTime is set to current date. > This is wrong because this makes it possible to reenable the old UserLogin by > just do a login with the old userLoginId (standard mechanism to lock the > login for a while after subsequent failed login requests). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-6635: - Affects Version/s: Release Branch 13.07 Release Branch 14.12 > Old UserLogin from userLoginId-change is not correctly disabled > --- > > Key: OFBIZ-6635 > URL: https://issues.apache.org/jira/browse/OFBIZ-6635 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming > Branch >Reporter: Martin Becker >Assignee: Michael Brohl >Priority: Critical > Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch > > > If a userLoginId of an existing user is updated by > LoginServices.updateUserLoginId, a new UserLogin value is created with the > data of the old one and the old one is disabled afterwards. In addition to > switch the enabled flag to "N" the disabledDateTime is set to current date. > This is wrong because this makes it possible to reenable the old UserLogin by > just do a login with the old userLoginId (standard mechanism to lock the > login for a while after subsequent failed login requests). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (OFBIZ-6635) Old UserLogin from userLoginId-change is not correctly disabled
[ https://issues.apache.org/jira/browse/OFBIZ-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-6635: - Fix Version/s: (was: Release Branch 14.12) 14.12.01 > Old UserLogin from userLoginId-change is not correctly disabled > --- > > Key: OFBIZ-6635 > URL: https://issues.apache.org/jira/browse/OFBIZ-6635 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 13.07, Release Branch 14.12, Upcoming > Branch >Reporter: Martin Becker >Assignee: Michael Brohl >Priority: Critical > Fix For: Release Branch 13.07, 14.12.01, Upcoming Branch > > Attachments: OFBIZ-6635-FixedDisablingOldUserLogin.patch > > > If a userLoginId of an existing user is updated by > LoginServices.updateUserLoginId, a new UserLogin value is created with the > data of the old one and the old one is disabled afterwards. In addition to > switch the enabled flag to "N" the disabledDateTime is set to current date. > This is wrong because this makes it possible to reenable the old UserLogin by > just do a login with the old userLoginId (standard mechanism to lock the > login for a while after subsequent failed login requests). -- This message was sent by Atlassian JIRA (v6.3.4#6332)