[TRUNK-3877] Changing login password deletes secret answer - OpenMRS Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Must
Resolution: Fixed
Affects Version/s: OpenMRS 1.9.2, Platform 1.11.0
Fix Version/s: Platform 1.11.0
Component/s: None
Labels:

Complexity:
Low

Description

Go to 'My Profile'. Set secret question and answer to non-empty strings and save. Then change password and save. User's secret answer is deleted (you can see this in the database).

I'm going to assume this is a bug, rather than a security feature because

There's no warning to the user
It inadvertently re-instates the secret question because its on the same form

I think the problem is HibernateUserDAO.updateUserPassword(..) which saves a new LoginCredentials object for the user with nulls for secret question and answer.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

TRUNK-3877.diff
12 kB
2013-06-23 06:05:22 GMT

Issue Links

relates to

TRUNK-3709 Secret answer should be encrypted

Closed

testing discovered

GRV-35 Error with OpenMRS 1.11: A javascript error has occurred: [Ljava.lang.StackTraceElement; cannot be cast

Closed

Activity

People

Assignee:: Radosław Puzdrowski

Reporter:: Rowan Seymour

Votes:: 2 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2013-01-17 08:07:58 GMT

Updated:: 2014-10-28 03:27:31 GMT

Resolved:: 2014-10-28 03:27:31 GMT

Time Tracking

Estimated:

Remaining:

Logged: