  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-145129

Current encrypted password comparison in UserLocalServiceImpl does not work as expected

    Details

      Description

      This incorrect encryption (and so the comparison) is causing trouble on some occasions. This is an example:

      • A user coming from LDAP, whose LDAP object is being modified frequently for different reasons (so its modifyTimestamp attribute changes), is going to be imported.
      • This user logs in, so it is imported. passwordModifiedDate has a value, and so does the session's creation date.
      • The user tries to change its password. During the internal process the user is authenticated against the currently entered password. So it is checked (and incorrectly updated!):
        • Since the newly encrypted one does not match the 'old' one, it is managed as a new one, so the passwordModifiedDate is set to the modifyTimestamp value (newer, because as we indicated it changes).
      • At this point, the password's date is newer than the session's, so the user is logged out (and an error occurs).

      We need to take into account the current encrypted password to encrypt the new one and make the _isPasswordUnchanged method work properly -> in this case, produce a true value since they are equal.

      Note for QA: please run the attached groovy script to test the solution.

      Expected result: password modified dates before and after are equal.

      Current result: password modified dates are not equal before and after. An error occurs.
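
A standalone model of the comparison and its side effect described above, added here as an example; it is not Liferay's code or the attached Groovy script. It assumes a salted PBKDF2 scheme whose salt is stored alongside the hash; the storage format, method signatures, the `useStored` flag and all dates are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordUnchangedDemo {
    // Constructed storage format: base64(salt) + ":" + base64(PBKDF2 output).
    // With current == null a fresh salt is drawn; otherwise the salt is read
    // from the stored value, so the same password reproduces the same string.
    static String encrypt(String plain, String current) throws Exception {
        byte[] salt = new byte[16];
        if (current == null) new SecureRandom().nextBytes(salt);
        else salt = Base64.getDecoder().decode(current.split(":")[0]);
        PBEKeySpec spec = new PBEKeySpec(plain.toCharArray(), salt, 10000, 256);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    // Compares the stored value with a re-encryption of the entered password.
    // useStored=false models the reported behaviour, true the requested one.
    static boolean isPasswordUnchanged(String stored, String plain, boolean useStored)
            throws Exception {
        String candidate = encrypt(plain, useStored ? stored : null);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
            candidate.getBytes(StandardCharsets.UTF_8));
    }

    // Import step from the ticket: a password seen as changed takes the LDAP
    // modifyTimestamp as its modified date; otherwise the date is kept.
    static Instant importUser(String stored, String plain, Instant pwdDate,
            Instant ldapModified, boolean useStored) throws Exception {
        return isPasswordUnchanged(stored, plain, useStored) ? pwdDate : ldapModified;
    }

    public static void main(String[] args) throws Exception {
        String pwd = "constructed-password";
        String stored = encrypt(pwd, null);
        Instant pwdDate = Instant.parse("2022-01-10T09:00:00Z");      // first import
        Instant session = Instant.parse("2022-01-10T09:00:05Z");      // session created
        Instant ldapModified = Instant.parse("2022-01-10T09:30:00Z"); // later LDAP edit
        for (boolean useStored : new boolean[] {false, true}) {
            Instant after = importUser(stored, pwd, pwdDate, ldapModified, useStored);
            System.out.println("useStored=" + useStored + " passwordModifiedDate=" + after
                + " sessionInvalidated=" + after.isAfter(session));
        }
    }
}
```

Running it prints one line per mode, showing the password modified date and whether the session would be invalidated when the same password is re-checked.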


              People

              Assignee:
              marcell.weller Marcell Weller
              Reporter:
              cristina.rodriguez Cristina Rodriguez
              Participants of an Issue:
              Recent user:
              Rafaela Nascimento
              Engineering Assignee:
              Cristina Rodriguez

                  Packages

                  Version Package
                  7.3.X
                  7.4.3.8 CE GA8
                  7.4.13 DXP U4
                  7.4.3.9 CE GA9
                  Master