Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-21704

UserLockoutException when using ticket (reset link) for password recovery and the user account is locked

Details

    Description

      In our password policy we use the lockout mechanism after 5 failed attempts to login.
      And we use the "reset link" mail (ticket) for the lost password recovery.

      When a user lock is account, he usually ask for a new password through the password recovery system.
      He then receive an email with a reset link. When he click on the link, he is redirected to the "change password" page and then when he validates his new password, he has the following error message : "An error occurred while accessing the requested resource. https://myserver/c/portal/update_password".

      Here's the stacktrave in the catalina.out:
      08:32:50,782 ERROR [jsp:996] com.liferay.portal.UserLockoutException
      com.liferay.portal.UserLockoutException
      at com.liferay.portal.service.impl.UserLocalServiceImpl.checkLockout(UserLocalServiceImpl.java:790)
      at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:2567)
      at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticateByScreenName(UserLocalServiceImpl.java:573)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
      at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:65)
      at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
      at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
      at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
      at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:58)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
      at $Proxy81.authenticateByScreenName(Unknown Source)
      at com.liferay.portal.service.UserLocalServiceUtil.authenticateByScreenName(UserLocalServiceUtil.java:319)
      at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:155)
      at com.liferay.portal.action.UpdatePasswordAction.updatePassword(UpdatePasswordAction.java:179)
      at com.liferay.portal.action.UpdatePasswordAction.execute(UpdatePasswordAction.java:80)
      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
      at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:152)

      I think that a user account must be unlock when he is allowed to change is password.

      I've attached a patch.

      Attachments

        Issue Links

          Activity

            People

              zsolt.szabo Zsolt Szabo (Inactive)
              tahitiangabriel Gabriel Landon
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11 years, 10 weeks, 3 days ago

                Packages

                  Version Package
                  --Sprint 12/11
                  6.1.0 CE RC1