On 21/12/2017 08:23, Francesco Chicchiriccò wrote:
On 20/12/2017 14:45, justin.isenhour wrote:
I am currently running v2.0.6 and have recently noticed that if we toggle
on the Must Change Password flag then go through the Password Reset
process we are seeing the password changed and is syncing with the ldap
connector but I do not see the Must Change Password flag getting reset
back to false, it remains true. I recently upgraded from 2.0.4 to 2.0.6,
I cannot be certain but I believe this was working before. Any areas I
should look at specifically for troubleshooting this?
Hi Justin,
AFAICT there has been no change lately in the mustChangePassword user
flag management: the only place where this is explicitly set to false
is [1], e.g. when the password value is imported from an encoded value.
FYI, this happens in both LDAPPasswordPullActions [2] and
DBPasswordPullActions [3], so I guess this is the reason why you
remember that in the past the reset described above was working when
pulling from LDAP.
Currently, the password reset process does not take the
mustChangePassword flag into account: I was wondering if it would make
sense, for the sake of safety, to explicitly add a call like [1] right
after [4], e.g. every time that a password value is set.
All the tests went green with such change applied, hence I went out and
committed [5]: expect such change with upcoming 2.0.7.
Regards.
[1] https://github.com/apache/syncope/blob/2_0_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java#L256
[2] https://github.com/apache/syncope/blob/2_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/LDAPPasswordPullActions.java#L114
[3] https://github.com/apache/syncope/blob/2_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DBPasswordPullActions.java#L132
[4] https://github.com/apache/syncope/blob/2_0_X/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java#L265
[5] https://github.com/apache/syncope/commit/199b66432bc835a715de0961bbd9cff12123745b
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/