cmn12g001 / moteve

Automatically exported from code.google.com/p/moteve
0 stars 0 forks source link

Users password changes #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Somehow after some time the user password is changed by the system.

data from mt_user table:

"admin@localhost";t;    "21232f297a57a5a743894a0e4a801fc3" -- original
"admin@localhost";t;    "c3284d0f94606de1fd2af172aba15bf3" -- after some time;
CHANGED!!!

Original issue reported on code.google.com by radek.sk...@gmail.com on 9 Feb 2010 at 5:04

GoogleCodeExporter commented 8 years ago

Original comment by radek.sk...@gmail.com on 15 Feb 2010 at 3:44

GoogleCodeExporter commented 8 years ago
The issue was that user password was hashed in UserDao.store().

When an existing user was retrieved from the DB, its pwd was hashed. Then when 
the
user entity was updated, the already hashed pwd was hashed again.

Now the pwd hash is computed only once during user registration in
UserService.register().

Original comment by radek.sk...@gmail.com on 20 Feb 2010 at 6:10