EncryptPassword and the generic User_login

EncryptPassword and the generic User_login

  

Afternoon guys.

Have been building my web app into a multi-tenant application. Everything has seemingly gone ok most of the day until I have run into a problem  getting my registered users to login. Details:


1) I have the normal core data module

2) I have a general public registration module which allows a member of the public to register and create a new account. When the username and password are saved it uses the out of the box EncryptPassword capability. I can see the Hash being saved into the database in the user entity and it matches the debugger.



3) I have a main portal module that asks the member of the public to login to use the features available (using the default login scripts as provided by the platform.) With the new users I have created through 2) above I continually get an invalid username or password error. I noticed (in the picture below that the password at the breakpoint is still unhashed).


Breakpoint 1:



As I am thinking its a miss-match of the encryption of the passwords between the registration and the login script I played around with adding the same encryption as I have done in my registration module in front of the User login action, with 3 break points, which show the hash being correct.

Breakpoint 1:


Breakpoint 2:


Breakpoint 3:


However, regardless I fail to gain access.


4) I have an equivalent to the TenantManagement module where I can see Users being created against relevant Tenants, as a result of 2) above. I can confirm from this module that users are being created and I can activate them. I can also see that the password hash being generated by 2) above is being stored correctly in the user entity.


I am now wondering if it is something else causing the error. Can anyone help?


Cheers

Hamish

Solution

Hi Hamish,

Consider this two observations, probably will help you:

1) When you have a multi-tenant application, you need to login in the correct tenant of the user that you created.

2) You have passwords in session variables, try to avoid this because of security concerns.

Regards!

Solution

Thanks Marco....all sorted


Hamish