In 2.0.1, password encryption logic moved into the service layer. http://issues.appfuse.org/browse/APF-666
Click on the FishEye link to see the changes committed to SVN. Maybe that has something to do with your issue? In prior versions, the logic depended on a "encryptPassword" hidden field being created (by JavaScript). Matt On 2/10/08, Rob Hills <[EMAIL PROTECTED]> wrote: > Hi All, > > My app is based on Appfuse 2.0 (manually upgraded to 2.01) and Struts. > > I modified the core classes to add a "Company" attribute to the User object. > > In testing I've found a problem that I suspect is my fault, but I'm confused > about what's going on. > > When I create a new user in my application, the password value in the db is > encrypted as expected. However, if I use the user edit form to change the > user's password (either by editing the user as an administrator, or logging in > as that user and using "my profile"), the new password is stored in the db as > plain text. Of course, the next time that user tries to login, it fails with > an > invalid password. > > I've looked back at the original org.appfuse.webapp.action.UserAction class > and compared it with my modified version but I can't see where the > password encryption takes place, or what I may have done to stop that > happening. > > I assume that this works correctly in an unmodified Appfuse app, so can > someone please explain to me where the password encryption happens so I > can work out how I've broken it? > > Cheers, > Rob Hills > Waikiki, Western Australia > Mobile +61 (412) 904-357 > Fax: +61 (8) 9529-2137 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
