Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-17146

Password change does not update password in Cookies

    Details

    • Branch Version/s:
      6.0.x

      Description

      • Login to Liferay portal
      • Go to Control Panel
      • Go to My Account
      • Go to Password section from right navigation
      • Enter valid old and new password and click on "Save" button

      When user logs in to Liferay, it stores encrypted password in the Cookie using LoginUtil.login method. But when use changes its password EditUserAction.updateUser() method does not update value of encrypted password value.
      From our web application we are using Compay ID , User and Password information in the cookie for authenticating user using following code.

      if (httpRequest.getCookies() != null) {
      for (Cookie cookie : httpRequest.getCookies()) {
      try {
      if (cookie.getName().equals("ID"))

      { userId = new String(Hex.decodeHex(cookie.getValue().toCharArray())); }

      if (cookie.getName().equals("COMPANY_ID"))

      { companyId = cookie.getValue(); }

      if (cookie.getName().equals("PASSWORD"))

      { password = new String(Hex.decodeHex(cookie.getValue().toCharArray())); }

      } catch (DecoderException de)

      { log.error("Error decoding Liferay authentication cookie", de); }

      }
      }

      try {
      KeyValuePair userNameAndPassword = UserLocalServiceUtil.decryptUserId(Long.valueOf(companyId), userId, password);
      if (log.isDebugEnabled())

      { log.debug("Located liferay user id" + userNameAndPassword.getKey()); }

      // System.out.println("Screen Name: " + decrypt(userId));
      lifeRayUser = UserLocalServiceUtil.getUserById(Long.valueOf(userNameAndPassword.getKey()));
      lifeRayUser.setPasswordEncrypted(false);
      lifeRayUser.setPasswordUnencrypted(userNameAndPassword.getValue());
      lifeRayUser.setPassword(userNameAndPassword.getValue());

      } catch (PrincipalException pe)

      { throw new BadCredentialsException("Error retrieving liferay user, incorrect password ... recently changed?", pe); }

      catch (Exception e)

      { log.error("Error retrieving liferay user", e); }

      Since there is old password in the cookie the authentication is failing.

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            tejash_p_shah Tejash Shah (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                Packages

                Version Package