Question

Password in Account not usable

0

I have a person entity based on the central Account Entity. When I store a first password into the password field I can't login with that password. Whne I change the password using the standard interface the logging in is possible and the account is usable. But the initial password is not working. Am I missing something here?

asked 2020-06-13

Freek van Keulen

3 answers

0

Have you checked the security? There is an XPath constraint there for the current user.

answered 2020-06-13

Robert Price

0

Solution was slightly different. When adding a default user role logging in was possible. So nothing to do with the password. Problem solved.

answered 2020-06-14

Freek van Keulen

Tim v Steenbergen · Accepted Answer · 2020-06-14

My guess is that one of two things go wrong:

your microflow saves the password to a different entity.
your microflow found a way to store the password as plaintext.

If you are saving the password in the System/User.password-attribute, it should get stored as a hash-value. I expect that there is no way to get a plain text value stored in a database field System/User.password because it is a type HashedString, but you might want to double-check that the value of System/User.password actually changes and is still BCrypt value. Now check this again while using the standard change password routine. Provided that you pass the same password, the new value in the database should be the same hash-value.

Doing the above test will also tell you if your microflow is saving the password to the correct entity and attribute.

Bytheway, I advise using module SystemManagement instead of Administration for about 16 reasons. But that is a different story.