History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: QB-3990
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Nguyen Duc Long
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
QuickBuild

Sign in with database if all other authentication methods failed

Created: 16/Jun/23 03:24 AM   Updated: 16/Jun/23 09:59 AM
Component/s: None
Affects Version/s: None
Fix Version/s: 13.0.25

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown


 Description  « Hide
For some reason, all my body methods are faulty in the one day.
It would be really good if I could still log in with my account and password stored in the database.

You have handled cases user is root or user authenticator is null.
But in the remaining case, after all authenticator fail, try to log in with database.

 All   Comments   Work Log   Change History      Sort Order:
Robin Shen [16/Jun/23 07:13 AM]
Unfortunately this is not possible, as QB does not store password hash (both for security and management purpose) for users authenticating through external authentcators, and hence has no way to know if user credential is correct or not.

Nguyen Duc Long [16/Jun/23 07:50 AM]
Please add this to SecurityHelper.authenticate(String, String, String) function.
Changes from
```
if (user != null){
    if (uesr.isRood()){
    }
    if (uesr.getAuthenticator()!=null){
    }
    if (lastAuthentication != null){
        move lastAuthentication to first of authentications list
    }
    foreach(authentications)
} else {
}
```
to
```
if (user != null){
    if (uesr.isRood()){
    }
    if (uesr.getAuthenticator()!=null){
    }
    if (lastAuthentication != null){
        move lastAuthentication to first of authentications list
    }
    foreach(authentications) -> fail all -> check database
} else {
}
```

Nguyen Duc Long [16/Jun/23 07:54 AM]
With the method of authentication using accounts and passwords, QB has a save the passwordHash.

if (result != null) {
......
if (passwordHash != null && !passwordHash.equals(user.getPassword())) {
user.setPassword(passwordHash);
CacheManager.instance.onPasswordUpdated(user.getId());
userUpdated = true;
}
......
}

Robin Shen [16/Jun/23 09:46 AM]
Sorry I remembered it incorrectly. With password hash being stored, it is trivial to add this improvement. Will be available in next patch release.

Change by Steve Luo [16/Jun/23 09:59 AM]
Field Original Value New Value
Status Open [ 1 ] Resolved [ 5 ]
Assignee Robin Shen [ robinshine ]
Resolution Fixed [ 1 ]

Change by Steve Luo [16/Jun/23 09:59 AM]
Fix Version/s 13.0.25 [ 12227 ]