[ https://issues.apache.org/jira/browse/SYNCOPE-1386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitriy B. updated SYNCOPE-1386:
--------------------------------
    Comment: was deleted

(was: In the code at
[https://github.com/apache/syncope/blob/443f5a38ea45f15c092c41abb202f897c795c5f2/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java#L397]
I also noticed that `entityManager().remove(merged);` is called.

What is the purpose of doing this? The transaction is rolled back and the changes
are not written to the database (even the remove(merged) action doesn't work).
Maybe you need to detach the managed entity and also remove it from the L2
cache if it is enabled?
{code:java}
// Drop the uncommitted instance from the persistence context ...
entityManager().detach(merged);
// ... and, when a second-level cache is configured, evict it there as well
if (entityManager().getEntityManagerFactory().getCache() != null) {
    entityManager().getEntityManagerFactory().getCache().evict(JPAUser.class,
            merged.getKey());
}
{code}

Maybe you have other similar places in the code like the one above? )

> Not committed managed objects can get into L2 cache.
> ----------------------------------------------------
>
>                 Key: SYNCOPE-1386
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1386
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.8
>            Reporter: Dmitriy B.
>            Priority: Major
>         Attachments: confirm_pwd_reset_action.sh
>
>
>
> Hi guys. I noticed an issue that leads to inconsistent data in the
> response.
>
> Here is the use case to reproduce the problem:
>
> 1. Create a user in Syncope.
> 2. Perform a request-password-reset action and make sure that the token used
> for the password reset action is generated and stored in the database.
> 3. Restart your application to be sure that the L2 cache is empty.
> 4. Perform the confirm-password-reset action for this user and make sure that
> the requested password doesn't comply with the password rules. In my case the
> password is too short. An exception like "InvalidUser:InvalidPassword:
> Password too short" should be thrown.
> 5. Request the user by username. The user that comes in the HTTP response
> doesn't have the "token" and "tokenExpireTime" attributes, but you can find
> "token" and "tokenExpireTime" values in the SyncopeUser table for this user.
>
> I also noticed that after about 5 minutes the L2 cache is gone.
> You can find an example in the confirm_pwd_reset_action.sh script. Run this
> command to execute the script:
> "./confirm_pwd_reset_action.sh | tee temp.log"
> Here I'm performing the confirm-password-reset action after waiting 5 minutes,
> with a password that doesn't match the rules, and then requesting the user by
> username. The response comes back without "token" and "tokenExpireTime".
>
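Added example, not Syncope's own code: a hypothetical resource-local JPA service that shows the detach-and-evict handling proposed in the deleted comment above, together with a cache-bypassing read a practitioner can use to verify step 5 of the reproduction against what the database actually holds. `AppUser`, `PasswordPolicy` and `PasswordResetConfirmer` are invented for this example; the entity's identifier is assumed to be exposed as `getKey()`, mirroring `merged.getKey()` in the comment. Only standard `javax.persistence` APIs are used.

```java
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import javax.persistence.Cache;
import javax.persistence.CacheRetrieveMode;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Id;

// Hypothetical entity standing in for the user table (constructed for this example).
@Entity
class AppUser {
    @Id private String key;
    private String password;
    private String token;
    private Date tokenExpireTime;

    public String getKey() { return key; }
    public String getToken() { return token; }
    public void setToken(String token) { this.token = token; }
    public Date getTokenExpireTime() { return tokenExpireTime; }
    public void setTokenExpireTime(Date t) { this.tokenExpireTime = t; }
    public void setPassword(String password) { this.password = password; }
}

// Hypothetical password-policy hook; throws on a password that violates the rules.
interface PasswordPolicy {
    void check(String password);
}

public class PasswordResetConfirmer {

    private final EntityManagerFactory emf;

    public PasswordResetConfirmer(EntityManagerFactory emf) {
        this.emf = emf;
    }

    public void confirm(String token, String newPassword, PasswordPolicy policy) {
        EntityManager em = emf.createEntityManager();
        AppUser user = null;
        try {
            em.getTransaction().begin();
            user = em.createQuery("SELECT u FROM AppUser u WHERE u.token = :t", AppUser.class)
                    .setParameter("t", token)
                    .getSingleResult();
            // Mutate the managed instance: clear the one-time token, set the password.
            user.setToken(null);
            user.setTokenExpireTime(null);
            user.setPassword(newPassword);
            policy.check(newPassword); // may throw, e.g. "Password too short"
            em.getTransaction().commit();
        } catch (RuntimeException e) {
            if (em.getTransaction().isActive()) {
                em.getTransaction().rollback();
            }
            // After rollback the in-memory instance still carries the uncommitted
            // state (token already cleared). Make sure neither the persistence
            // context nor the shared second-level cache can serve it as committed.
            if (user != null) {
                em.detach(user);
                Cache cache = emf.getCache();
                if (cache != null) {
                    cache.evict(AppUser.class, user.getKey());
                }
            }
            throw e;
        } finally {
            em.close();
        }
    }

    // Verification read: bypass the second-level cache so the result reflects the
    // database row, not a possibly stale cached instance. Compare its token with
    // the one returned by the normal (cached) lookup to spot the inconsistency.
    public AppUser loadBypassingCache(String key) {
        EntityManager em = emf.createEntityManager();
        try {
            Map<String, Object> hints = Collections.singletonMap(
                    "javax.persistence.cache.retrieveMode", CacheRetrieveMode.BYPASS);
            return em.find(AppUser.class, key, hints);
        } finally {
            em.close();
        }
    }
}
```

The eviction is deliberately keyed on the entity class and identifier rather than `evictAll()`, so a failed reset for one user does not flush cached state for everyone else; `loadBypassingCache` is the check to run after a rejected reset, since a `token` present there but absent from the regular lookup is exactly the symptom described in step 5.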



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
