Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0049411Openbravo ERPA. Platformpublic2022-05-25 13:142022-11-21 07:02
caristu 
guillermogil 
highminorhave not tried
scheduledopen 
5
 
 
Core
No
0049411: Password expiration is not checked in the web service authentication flow
Password expiration is not checked in the default web service authentication flow
1) Go to the user window and mark the "Expired Password" flag for a user
2) Execute a web service call, using the crendentials of the user changed in step 1), for example to: <server_url>/openbravo/ws/dal/Country. ERROR: the user is authorized and the WS request is completed although the user password is expired
Add a password expiration check in the DefaultAuthenticationManager.webServiceAuthenticate method in the same way that it is done for the standard login[1]

[1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java#L153 [^]
No tags attached.
related to feature request 00322853.0PR16Q3 closed NaroaIriarte make possible to manually set a user as password expired 
related to feature request 0031796 closed jonibc Extend functionality with the option to define a day limit for the password to be changed 
Issue History
2022-05-25 13:14caristuNew Issue
2022-05-25 13:14caristuAssigned To => Triage Platform Base
2022-05-25 13:14caristuModules => Core
2022-05-25 13:14caristuTriggers an Emergency Pack => No
2022-05-25 13:16caristuSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=24152#r24152
2022-05-25 13:19caristuProposed Solution updated
2022-05-25 13:20caristuDescription Updatedbug_revision_view_page.php?rev_id=24154#r24154
2022-05-25 13:22caristuProposed Solution updated
2022-05-25 13:23caristuProposed Solution updated
2022-05-25 13:29caristuRelationship addedrelated to 0032285
2022-05-25 13:29caristuRelationship addedrelated to 0031796
2022-06-23 12:46shuehnerIssue Monitored: shuehner
2022-11-15 06:56guillermogilStatusnew => acknowledged
2022-11-18 17:39hgbotNote Added: 0143840
2022-11-21 07:02guillermogilStatusacknowledged => scheduled
2022-11-21 07:02guillermogilAssigned ToTriage Platform Base => guillermogil

Notes
(0143840)
hgbot   
2022-11-18 17:39   
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/771 [^]