| << Back to previous view |
|
[QB-3990] Sign in with database if all other authentication methods failed
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 13.0.25 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Nguyen Duc Long | Assigned To: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
For some reason, all my body methods are faulty in the one day.
It would be really good if I could still log in with my account and password stored in the database. You have handled cases user is root or user authenticator is null. But in the remaining case, after all authenticator fail, try to log in with database. |
| Comments |
| Comment by Robin Shen [ 16/Jun/23 07:13 AM ] |
| Unfortunately this is not possible, as QB does not store password hash (both for security and management purpose) for users authenticating through external authentcators, and hence has no way to know if user credential is correct or not. |
| Comment by Nguyen Duc Long [ 16/Jun/23 07:50 AM ] |
|
Please add this to SecurityHelper.authenticate(String, String, String) function.
Changes from ``` if (user != null){ if (uesr.isRood()){ } if (uesr.getAuthenticator()!=null){ } if (lastAuthentication != null){ move lastAuthentication to first of authentications list } foreach(authentications) } else { } ``` to ``` if (user != null){ if (uesr.isRood()){ } if (uesr.getAuthenticator()!=null){ } if (lastAuthentication != null){ move lastAuthentication to first of authentications list } foreach(authentications) -> fail all -> check database } else { } ``` |
| Comment by Nguyen Duc Long [ 16/Jun/23 07:54 AM ] |
|
With the method of authentication using accounts and passwords, QB has a save the passwordHash.
if (result != null) { ...... if (passwordHash != null && !passwordHash.equals(user.getPassword())) { user.setPassword(passwordHash); CacheManager.instance.onPasswordUpdated(user.getId()); userUpdated = true; } ...... } |
| Comment by Robin Shen [ 16/Jun/23 09:46 AM ] |
| Sorry I remembered it incorrectly. With password hash being stored, it is trivial to add this improvement. Will be available in next patch release. |