Do not force customer to change the password when an agent has changed customer data via AdminCustomerUser #779

Closed
hcamminadi opened this issue Feb 6, 2021 · 4 comments

Situation:

  • PasswordExpiry is active (e.g. 90 days)
    An existing customer user has already signed in via customer.pl and changed the initial password. Afterwards an agent changes any data, e.g. city or postal code, via AdminCustomerUser. As the agent leaves the password field blank, the pw value is not overwritten in the db.
    As customer_preferences preferences_key 'UserLastPwChangeTime' will be removed due to the agent's action, this will lead to another password change when the customer tries to log in the next time.

Suggestion:
The problem is that in AdminCustomerUser.pm DeleteOnePreference is called with key 'UserLastPwChangeTime' if the password did not match the old one. It would help if this action is skipped if the new password is empty, as empty passwords will not be stored. If there are plans to allow an agent to empty an existing password, this would not help.

The surrounding if in the next block is new and helps for me:

        # only touch UserLastPwChangeTime when a password was actually submitted
        if ( $GetParam{UserPassword} ) {
            if ( $CurrentUserData{UserPassword} ne $GetParam{UserPassword} ) {
                $UpdateSuccess = $CustomerUserObject->DeleteOnePreference(
                    Key    => 'UserLastPwChangeTime',
                    UserID => $GetParam{ID},
                );
            }
        }

hcamminadi changed the title from "Do not force customer to change the password when an agent has stored customer data via AdminCustomerUser" to "Do not force customer to change the password when an agent has changed customer data via AdminCustomerUser" on Feb 6, 2021
svenoe added the bug (Something isn't working as intended) label on Feb 8, 2021
svenoe added this to the OTOBO 10.0 milestone on Feb 8, 2021

svenoe (Contributor) commented Feb 8, 2021

Hi hcamminadi,

Thanks for your contribution. You are right that this behavior should be changed. At the moment we do not yet totally support the customer preferences and password options. I think this here should be done as an addition to that general task, and I linked the issue to #750.

Best regards, Sven

bschmalhofer (Contributor) commented Sep 29, 2021

When looking at the history of that code I found this code comment, which might be interesting:

        # Rother OSS - Reset Preferences UserLastPwChangeTime last login after password reset

Thus, when making changes it must be assured that resetting customer passwords still works.
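
The behaviour discussed in this thread, as an added example that is not part of any comment and not OTOBO's own code: a simplified model that checks both requirements, namely that a blank password field keeps UserLastPwChangeTime and that an agent-set new password still resets it. StubCustomerUser, HasPreference, UpdatePasswordPreference, the Guarded switch and all sample values are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the customer user backend; it only tracks preferences.
package StubCustomerUser;
sub new { my ( $Class, %Prefs ) = @_; return bless { Prefs => {%Prefs} }, $Class }

sub DeleteOnePreference {
    my ( $Self, %Param ) = @_;
    delete $Self->{Prefs}{ $Param{UserID} }{ $Param{Key} };
    return 1;
}

sub HasPreference {
    my ( $Self, $UserID, $Key ) = @_;
    return exists $Self->{Prefs}{$UserID}{$Key} ? 1 : 0;
}

package main;

# Simplified model of the update step. Guarded => 1 applies the surrounding
# "if" proposed in the issue; Guarded => 0 is the behaviour reported as a bug.
sub UpdatePasswordPreference {
    my (%Param) = @_;
    my %GetParam        = %{ $Param{GetParam} };
    my %CurrentUserData = %{ $Param{CurrentUserData} };
    return 1 if $Param{Guarded} && !$GetParam{UserPassword};    # blank field: nothing to reset
    return 1 if $CurrentUserData{UserPassword} eq $GetParam{UserPassword};
    return $Param{CustomerUserObject}->DeleteOnePreference(
        Key => 'UserLastPwChangeTime', UserID => $GetParam{ID} );
}

# Constructed cases: [ description, submitted password, guarded?, preference must survive? ]
my @Cases = (
    [ 'blank password, unguarded (reported bug)', '',           0, 0 ],
    [ 'blank password, guarded',                  '',           1, 1 ],
    [ 'unchanged password, guarded',              'Old-Secret', 1, 1 ],
    [ 'agent sets new password, guarded',         'N3w-Secret', 1, 0 ],
);

for my $Case (@Cases) {
    my ( $Name, $Password, $Guarded, $Expected ) = @{$Case};
    my $Object = StubCustomerUser->new( cust1 => { UserLastPwChangeTime => 1612569600 } );
    UpdatePasswordPreference(
        CustomerUserObject => $Object, Guarded => $Guarded,
        CurrentUserData => { UserPassword => 'Old-Secret' },
        GetParam        => { ID => 'cust1', UserPassword => $Password } );
    my $Kept = $Object->HasPreference( 'cust1', 'UserLastPwChangeTime' );
    printf "%-42s kept=%d %s\n", $Name, $Kept, ( $Kept == $Expected ? 'ok' : 'FAIL' );
}
```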

bschmalhofer (Contributor)

@svenoe : Is this issue solved with #750?

stefanhaerter (Contributor)

Closed with merging #2532
