Affects Version/s: 7.3.X, Master
- A user is going to be imported from LDAP. The user's LDAP object is modified frequently for various reasons, so its modifyTimestamp attribute keeps changing.
- The user logs in, so it is imported. passwordModifiedDate has a value, and so does the session's creation date.
- The user tries to change their password. During the internal process, the user is authenticated against the current password they entered, so that password is checked (and incorrectly updated!):
- Since the newly encrypted password does not match the 'old' one, it is handled as a new password, so passwordModifiedDate is set to the modifyTimestamp value (_newer, because, as indicated above, it changes_).
- At this point, the password's date is newer than the session's, so the user is logged out (and an error occurs).
We need to take the current encrypted password into account when encrypting the new one, so that the _isPasswordUnchanged method works properly. In this case it should return true, since the two passwords are equal.
Please run the attached Groovy script to test the solution.
Expected result: the password modified dates before and after are equal.
Current result: the password modified dates before and after are not equal. An error occurs.
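The mismatch and the proposed fix can be reproduced in isolation. The following is an added example, not the project's code and not the attached Groovy script: it assumes the encryptor uses a random salt stored alongside the hash (the report does not say why the two encrypted values differ), and the class, method names, storage format and sample password are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordUnchangedDemo {

    // Hypothetical salted encryptor; output is base64(salt) + "$" + base64(hash).
    // With currentEncrypted == null a fresh random salt is generated; otherwise
    // the salt is read back from the stored value.
    static String encrypt(String plain, String currentEncrypted) throws Exception {
        byte[] salt = new byte[16];
        if (currentEncrypted == null) {
            new SecureRandom().nextBytes(salt);
        } else {
            salt = Base64.getDecoder().decode(currentEncrypted.split("\\$")[0]);
        }
        PBEKeySpec spec = new PBEKeySpec(plain.toCharArray(), salt, 10000, 256);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded();
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }

    // Reported behaviour: the entered password is encrypted without reference
    // to the stored value, so even the correct password looks "changed".
    static boolean isPasswordUnchangedBuggy(String stored, String entered) throws Exception {
        return sameValue(stored, encrypt(entered, null));
    }

    // Proposed behaviour: encrypt the entered password against the stored value.
    static boolean isPasswordUnchangedFixed(String stored, String entered) throws Exception {
        return sameValue(stored, encrypt(entered, stored));
    }

    // Constant-time comparison of the two encoded values.
    static boolean sameValue(String a, String b) {
        return MessageDigest.isEqual(
            a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String pw = "S3cret!-constructed"; // constructed sample password
        String stored = encrypt(pw, null);  // value saved at first import
        System.out.println("buggy, same password:  " + isPasswordUnchangedBuggy(stored, pw));
        System.out.println("fixed, same password:  " + isPasswordUnchangedFixed(stored, pw));
        System.out.println("fixed, other password: " + isPasswordUnchangedFixed(stored, "other"));
    }
}
```

Under the stated assumption, only the buggy variant reports the correct password as changed, which is the condition that moves passwordModifiedDate past the session's creation date.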