I have this weird behaviour when saving users.
Steps to reproduce behaviour
============================
1. Log in using default admin user and then click Edit Profile
2. Change password
3. Click save
4. Password is saved unencrypted.
I did some debugging and traced the error to this line in
UserManagerImpl.java
<startcode>
// Existing user, check password in DB
String currentPassword = dao.getUserPassword(user.getUsername());
...
if (!currentPassword.equals(user.getPassword())) {
    passwordChanged = true;
}
<endcode>
currentPassword should return the old password in the DB but for some reason
it returns the latest (i.e. the password that was just entered on the form).
And because of that, the code does not encrypt the new password based on the
following code
<startcode>
..
if (passwordChanged) {
    user.setPassword(passwordEncoder.encodePassword(user.getPassword(), null));
}
<endcode>
Why doesn't "dao.getUserPassword(user.getUsername())" return the old
password in the DB?
Thanks all!
Allan
--
View this message in context:
http://www.nabble.com/weird-behaviour-when-saving-User-tp18865534s2369p18865534.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
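
Added example (not part of the original post and not AppFuse code): the check as posted skips encoding whenever the lookup equals the submitted value, so it fails open in the reported case; the variant below encodes unless the value is demonstrably the stored hash. The class name, `encode` (a hex SHA-256 stand-in for the post's `passwordEncoder`), the `ENCODED` pattern and the sample values are assumptions, as is the form round-tripping the stored hash on an unchanged save.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.regex.Pattern;

public class PasswordChangeCheck {
    // Stand-in for the post's passwordEncoder (assumption): unsalted hex SHA-256.
    static String encode(String raw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(raw.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Output shape of the stand-in encoder; adjust to the encoder really in use.
    static final Pattern ENCODED = Pattern.compile("[0-9a-f]{64}");

    // Logic as posted: encode only when the lookup differs from the submitted value.
    static String asPosted(String fromLookup, String submitted) throws Exception {
        boolean passwordChanged = !fromLookup.equals(submitted);
        return passwordChanged ? encode(submitted) : submitted;
    }

    // Fail-closed variant: skip encoding only when the submitted value equals the
    // looked-up value AND that value has the encoder's output shape.
    static String failClosed(String fromLookup, String submitted) throws Exception {
        boolean unchanged = fromLookup != null && fromLookup.equals(submitted)
                && ENCODED.matcher(submitted).matches();
        return unchanged ? submitted : encode(submitted);
    }

    public static void main(String[] args) throws Exception {
        String newPlain = "N3w-pass!";        // constructed sample input
        String oldHash = encode("old-pass");  // constructed stored value
        // Lookup returns the old hash: the posted logic encodes the new password.
        System.out.println("normal, encoded: " + asPosted(oldHash, newPlain).equals(encode(newPlain)));
        // Reported case: lookup returns the value just entered on the form.
        System.out.println("as posted, stored in clear: " + asPosted(newPlain, newPlain).equals(newPlain));
        System.out.println("fail-closed, encoded: " + failClosed(newPlain, newPlain).equals(encode(newPlain)));
        // Unchanged profile save: the stored hash comes back and is not re-encoded.
        System.out.println("unchanged, kept: " + failClosed(oldHash, oldHash).equals(oldHash));
    }
}
```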