Re: Reset Password Not Resetting Must Change Password Flag

Wed, 20 Dec 2017 23:24:03 -0800 

On 20/12/2017 14:45, justin.isenhour wrote:

I am currently running v2.0.6 and have recently noticed that if we toggle on
the Must Change Password flag then go through the Password Reset process we
are seeing the password changed and is syncing with the ldap connector but I
do not see the Must Change Password flag getting reset back to false, it
remains true.  I recently upgraded from 2.0.4 to 2.0.6, I cannot be certain
but I believe this was working before.  Any areas I should look at
specifically for troubleshooting this?


Hi Justin,

AFAICT there has been no change lately in the mustChangePassword user 
flag management: the only place where this is explicitly set to false is 
[1], e.g. when the password value is imported from an encoded value.
FYI, this happens in both LDAPPasswordPullActions [2] and 
DBPasswordPullActions [3], so I guess this is the reason why you 
remember that in the past the reset described above was working when 
pulling from LDAP.



Currently, the password reset process does not take the 
mustChangePassword flag into account: I was wondering if it would make 
sense, for the sake of safety, to explicitly add a call like [1] right 
afetr [4], e.g. every time that a password value is set.


WDYT?
Regards.


[1] 
https://github.com/apache/syncope/blob/2_0_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java#L256
[2] 
https://github.com/apache/syncope/blob/2_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/LDAPPasswordPullActions.java#L114
[3] 
https://github.com/apache/syncope/blob/2_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DBPasswordPullActions.java#L132
[4] 
https://github.com/apache/syncope/blob/2_0_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java#L265


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/























					Reply via email to