Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-3877

Changing login password deletes secret answer

    XMLWordPrintable

    Details

    • Complexity:
      Low

      Description

      Go to 'My Profile'. Set secret question and answer to non-empty strings and save. Then change password and save. User's secret answer is deleted (you can see this in the database).

      I'm going to assume this is a bug, rather than a security feature because

      • There's no warning to the user
      • It inadvertently re-instates the secret question because its on the same form

      I think the problem is HibernateUserDAO.updateUserPassword(..) which saves a new LoginCredentials object for the user with nulls for secret question and answer.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                rpuzdrowski Radosław Puzdrowski
                Reporter:
                rowanseymour Rowan Seymour
                Votes:
                2 Vote for this issue
                Watchers:
                8 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 2 hours Original Estimate - 2 hours
                    2h
                    Remaining:
                    Remaining Estimate - 0 minutes
                    0m
                    Logged:
                    Time Spent - 2 days
                    2d