search

chicks / sugarcrm

A ruby based REST Client for SugarCRM
MIT License
90 stars 64 forks source link

Update user_hash fails #89

Open wizardone opened 11 years ago

wizardone commented 11 years ago

I am trying to update some user information and the user_hash(password basically) fails. Here is my code: inactive_users = SugarCRM::User.find_all_by_status('Inactive') inactive_users.each do |user| user.status = "Active" user.user_hash = hash_password user.save! end

If a try pp user i see that both fields were updated:

SugarCRM::Namespace0::User id: "7b384811-d27f-5f67-6b27-515428674aad", is_admin: false, is_group: false, last_name: "Wendy Nelson", m_accept_status_fields: " ...", messenger_id: "", messenger_type: "", modified_by_name: "", modified_user_id: "1", name: nil, phone_fax: "", phone_home: "", phone_mobile: "", phone_other: "", phone_work: "", portal_only: false, pwd_last_changed: "", receive_notifications: true, reports_to_id: "", reports_to_name: "", securitygroup_noninher_fields: " ...", securitygroup_noninherit_id: nil, securitygroup_noninheritable: false, show_on_employees: true, status: "Active", sugar_login: true, system_generated_password: false, title: "", type_c: "agent", user_hash: "some random hash", user_name: "20304603"

But then if i look in the db, i see that the status field for the user was updated, but the user_hash is blank? Any idea why this is happening?

chicks commented 11 years ago

Which edition and version of sugar?

wizardone commented 11 years ago

The free edition of Sugar, i think its CE, Version 6.5.0 (Build 8338)

wizardone commented 11 years ago

After some more debugging i did this:

inactive_users.each do |user|

This does not work! Doesn`t save the hash_password in the db

        user.status = "Active"
        user.user_hash = hash_password
        user.save!
        # This works!
        new_user = @sugarcrm_namespace::User.new
        new_user.status = "Active"
        new_user.user_name = "Wendy Test"
        new_user.user_hash = hash_password
        new_user.save!

end

It turns out that the new_user was saved in the db with no problems, using the exact same hash_password, but the hash for the updated one(the first one) does not get saved. I also tried with update_attributes, but it didn`t work.

chicks commented 11 years ago

If you enable debugging, SugarCRM.connection.debug = true you should see the user_hash get passed in the JSON request. My hunch is that Sugar is simply ignoring that value.

wizardone commented 11 years ago

Yeah, i can see it in the set_entry: Request: section of the JSON, but that not doing me any good, unfortunately. How can Sugar just ignore the value?

wizardone commented 11 years ago

After some more testing i found that updating the db directly from ActiveRecord::Base.connection works. It`s not so pretty, but its doing the job for now :)

damianfarina commented 11 years ago

It seems that sugar does not allow to update user_hash Here is the file that defines fields of User class Line 64 defines user_hash, if you change sensitive to false, you'll be able to update it. Anyway, I'm don't know what security issues may appear changing this value.

chicks commented 11 years ago

Hrm, thanks for that! let me ask one of our architects @ sugar and see what's up.

damianfarina commented 11 years ago

@chicks please let me know if you get some feedback from them. Thanks!