portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Turpin, Jay" <jay.tur...@intel.com>
Subject RE: UpdateAccount Save Password Bug Fix
Date Mon, 30 Apr 2001 21:29:34 GMT
Thanks for the additional information. However, maybe you can clear up some
confusion on our part. Why use:

data.getUser().setPerm( org.apache.turbine.om.security.User.FIRST_NAME,
firstname );

instead of:

data.getUser().setFirstName(firstname);


Maybe this question comes from my general confusion about the design. Based
on reading the documentation about Peers on the Turbine web site, I thought
TurbineUserPeer is used for interacting with the underlying data repository,
in this case, the TURBINE_USER table in the database. However, in the code
below, it looks like it is being used as "User" object for the application.

I have a difficult time understanding the purpose of many of the features in
the User interface, particularly get- and setPerm(). How do these functions
differ from using the accessor methods in the TurbineUser class?

I think of the system working this way, please educate me if I am mistaken: 
* The app should use the TurbineUserPeer class to fetch a TurbineUser object
* Use the data in the TurbineUser object to populate a form and store
updates made by the user
* If the data needs to be made permanent, create a Criteria object using the
data in TurbineUser and save it to the database using TurbineUserPeer

Is this viewpoint correct? Or am I missing something?

Regards,
Jay Turpin
Intel Corporation



-----Original Message-----
From: Lars Vogelgesang [mailto:vogelg@rumms.uni-mannheim.de]
Sent: Saturday, April 28, 2001 4:06 AM
To: jetspeed-dev@jakarta.apache.org
Subject: Re: UpdateAccount Save Password Bug Fix


Hi!
Thank you for presenting this fix!!!

There's is a very similar problem concerning the change of your firstname,
lastname and e-mail.
To persistently save this information, you can add the following lines to
UpdateAccount.java (around line 210):

Old version:
// update currently logged in information that might have changed
data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
data.getUser().setPerm(TurbineUserPeer.EMAIL, email);

New Version:
// update currently logged in information that might have changed
data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
data.getUser().setPerm( org.apache.turbine.om.security.User.FIRST_NAME,
firstname );
data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
data.getUser().setPerm( org.apache.turbine.om.security.User.LAST_NAME,
lastname
);
data.getUser().setPerm(TurbineUserPeer.EMAIL, email);
data.getUser().setPerm( org.apache.turbine.om.security.User.EMAIL, email );

Perhaps you can also remove the 'old' lines. But I am not sure about it!

Greetings, Lars



"Turpin, Jay" schrieb:

> This is a resend. Seems like the mailing list was down for a while
yesterday
> and I'm not sure if this was received properly.
>
> I believe I have fixed a bug in the Edit Account/UpdateAccount code.
>
> Scenario:
> * Login into Jetspeed using Turbine/Turbine.
> * Navigate to Edit Account page.
> * Change password and press Update Account.
> * Look in the database (using your favorite db browser) and verify that
> password changed.
> * Logout of Jetspeed
> * Login using new password - it will fail
> * Look in database again, password is the original one again.
>
> The problem seems to be this:
> * UpdateAccount saves the changes to the database, the TurbineUser object
> and a permanent storage HashTable in the TurbineUser Object.
> * However, the password is only saved to the database and the HashTable,
not
> the TurbineUser object
> * When the user logs out, an object somewhere (no sure where) takes the
data
> from the TurbineUser object and saves it to the database again,
overwriting
> the new password with the old one.
>
> The fix:
> Make the following change to the
>
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actionsUpdateAccount.j
> ava file (around line 208):
>
>         // update currently logged in information that might have changed
>         data.getUser().setPerm(TurbineUserPeer.FIRST_NAME, firstname);
>         data.getUser().setPerm(TurbineUserPeer.LAST_NAME, lastname);
>         data.getUser().setPerm(TurbineUserPeer.EMAIL, email);
>         // Old code - doesn't save password after logout
>         // if ( changepass )
>         //      data.getUser().setPerm(TurbineUserPeer.PASSWORD,
password);
>
>         if ( changepass ) {
>                 data.getUser().setPerm(TurbineUserPeer.PASSWORD,
password);
>                 // Save to TurbineUser object as well
>                 data.getUser().setPassword(password);
>         }
>
> Regards,
> Jay Turpin
> Intel Corporation
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

--
-------------------------------------
Lars Vogelgesang
vogelg@rumms.uni-mannheim.de
http://www.vogelgesang.xodox.de
http://www.madnotmad.de
http://www.munsters.de.st





---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message