[jira] [Commented] (OFBIZ-5618) Update Password
[ https://issues.apache.org/jira/browse/OFBIZ-5618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17719771#comment-17719771 ] Jacques Le Roux commented on OFBIZ-5618: OK, thanks > Update Password > --- > > Key: OFBIZ-5618 > URL: https://issues.apache.org/jira/browse/OFBIZ-5618 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Yachna chadha >Assignee: Chenghu Shan >Priority: Major > Attachments: LoginServices.java > > > In LoginServices.updatePassword there is a check to see if the Logged in User > is equal to the user login the password is being changed for. This check IS > case sensitive. Since the logged in User has already passed validations in > signing in this check should NOT be case sensitive. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (OFBIZ-5618) Update Password
[ https://issues.apache.org/jira/browse/OFBIZ-5618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17719767#comment-17719767 ] Michael Brohl commented on OFBIZ-5618: -- Hi Jacques, we are currently on the move to rework the password handling a bit and stumbled upon this issue during the process. There will be a follow-up Jira issue soon where we describe the changes that should be done in our opinion. > Update Password > --- > > Key: OFBIZ-5618 > URL: https://issues.apache.org/jira/browse/OFBIZ-5618 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Yachna chadha >Assignee: Chenghu Shan >Priority: Major > Attachments: LoginServices.java > > > In LoginServices.updatePassword there is a check to see if the Logged in User > is equal to the user login the password is being changed for. This check IS > case sensitive. Since the logged in User has already passed validations in > signing in this check should NOT be case sensitive. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (OFBIZ-5618) Update Password
[ https://issues.apache.org/jira/browse/OFBIZ-5618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17719758#comment-17719758 ] Jacques Le Roux commented on OFBIZ-5618: Hi Michael, I see this possiblity only at lines 831 to 833. It depends on password.lowercase security property. That's what you talk about? > Update Password > --- > > Key: OFBIZ-5618 > URL: https://issues.apache.org/jira/browse/OFBIZ-5618 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Yachna chadha >Assignee: Chenghu Shan >Priority: Major > Attachments: LoginServices.java > > > In LoginServices.updatePassword there is a check to see if the Logged in User > is equal to the user login the password is being changed for. This check IS > case sensitive. Since the logged in User has already passed validations in > signing in this check should NOT be case sensitive. -- This message was sent by Atlassian Jira (v8.20.10#820010)