Skip to content

Cannot create the user without an activation email #3959

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kazoompa opened this issue Aug 10, 2016 · 1 comment
Closed

Cannot create the user without an activation email #3959

kazoompa opened this issue Aug 10, 2016 · 1 comment
Milestone
3.6.0

Comments

@kazoompa
Copy link

Motivation for or Use Case

Our client application requires that the user be created without any activation to proceed with the game. To do that, I have modified the UserService.createUser() so that activationKey is set to NULL and activated is set TRUE. I also provide the input password the user has provided. The user gets created without a problem but cannot login due to this error:

{"error":"invalid_grant","error_description":"Bad credentials"}

I tried to debug and discovered that the error is in this code:

if(authentication.getCredentials() == null) {
  this.logger.debug("Authentication failed: no credentials provided");
  throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
  String presentedPassword = authentication.getCredentials().toString();
  // PROBLEM IS INVALID PASSWORD!!!!
  if(!this.passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
    this.logger.debug("Authentication failed: password does not match stored value");
    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
  }
}

The salt is NULL but the password is definitely correct! I was wondering if I was miss a step or this is a bug.

Any help is greatly appreciated.

JHipster Version(s)

1.8.3

JHipster configuration, a .yo-rc.json file generated in the root folder
{
  "generator-jhipster": {
    "jhipsterVersion": "3.4.2",
    "baseName": "afgserver",
    "packageName": "com.afg.server",
    "packageFolder": "com/afg/server",
    "serverPort": "8080",
    "authenticationType": "oauth2",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": "no",
    "websocket": "no",
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "prodDatabaseType": "mysql",
    "searchEngine": "no",
    "buildTool": "maven",
    "useSass": true,
    "applicationType": "monolith",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "languages": [
      "en",
      "fr"
    ]
  }
}
Browsers and Operating System

Debian 8
Safari, Chrome
@jdubois
Copy link
Member

jdubois commented Aug 10, 2016

I have no idea what happens if the salt is "NULL", but appart from the part that it's a bad idea (and illegal in some countries, like mine), if you don't want the salt, then remove the password encryption altogether.

That's more a question for StackOverflow, and not a JHipster bug, so I'm closing this.

@jdubois jdubois closed this as completed Aug 10, 2016
@jdubois jdubois modified the milestone: 3.6.0 Aug 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.6.0
Development

No branches or pull requests
2 participants
@jdubois @kazoompa