multiple encodings break the password #12

Closed
wants to merge 1 commit into from


mgkimsal

an encode() method call in it - the password gets encode()d
twice, and one can never log in with one's password.

Maybe this should stay in these files, and the encode()ing in the
User domain should be removed. These files have 'salt'
mechanisms in them, which is missing from the user domain,
although that could be added there perhaps?

In any event, I have to modify these files to get basic
self registration and subsequent password authentication to work.

@burtbeckwith
Contributor

There's a configuration attribute for this as of version 0.2 - see "Password Encryption" in https://grails-plugins.github.com/grails-spring-security-ui/docs/manual/guide/10%20Customization.html

@mgkimsal
Author

I don't think that's what I'm getting at.

The generated User/Person domain class will do an encode() in the save method(), but the service and controller provided also encode() as well. It doesn't matter what encoding method is used, it's the fact that a password is being double encoded which is the problem.

Sorry... I misread - I get it, and can deal with this, but... it feels like there should be some standardization going forward, either generated domains should encode, or the controllers/services (by default) should encode. Shipping both by default 'on' causes this to not work out of the box.
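
The failure discussed in this thread, reproduced as an added plain-Groovy example (not code from the plugin or from this pull request). `Encoder`, `User`, `RegisterService` and `authenticate` are hypothetical stand-ins, and unsalted SHA-256 is only an assumed placeholder for whatever encoder is configured.

```groovy
import java.security.MessageDigest

// Stand-in for the configured encoder (assumption: unsalted SHA-256, hex output).
class Encoder {
    static String encode(String raw) {
        MessageDigest.getInstance('SHA-256').digest(raw.getBytes('UTF-8')).encodeHex().toString()
    }
}

// Hypothetical generated domain class: encodes whatever it is given when saved.
class User {
    String username
    String password
    boolean encodeOnSave = true
    User save() {
        if (encodeOnSave) password = Encoder.encode(password)
        this
    }
}

// Hypothetical registration service that can ALSO encode before saving.
class RegisterService {
    boolean encodeInService = true
    User register(String username, String rawPassword, boolean domainEncodes) {
        String pw = encodeInService ? Encoder.encode(rawPassword) : rawPassword
        new User(username: username, password: pw, encodeOnSave: domainEncodes).save()
    }
}

// Login check: encode the submitted password once, compare with the stored value.
boolean authenticate(User u, String submitted) {
    MessageDigest.isEqual(Encoder.encode(submitted).bytes, u.password.bytes)
}

def raw = 'correct horse'   // constructed sample password

// Both layers encode: the stored value is encode(encode(raw)), so login fails.
def broken = new RegisterService(encodeInService: true).register('alice', raw, true)
assert broken.password == Encoder.encode(Encoder.encode(raw))
assert !authenticate(broken, raw)

// Exactly one layer encodes: login succeeds whichever layer it is.
def viaDomain  = new RegisterService(encodeInService: false).register('bob', raw, true)
def viaService = new RegisterService(encodeInService: true).register('carol', raw, false)
assert authenticate(viaDomain, raw)
assert authenticate(viaService, raw)
println 'double encoding rejected the correct password; single encoding accepted it'
```

A registration-then-login round trip like this, run against the real domain class and service, is a quick regression check that only one layer is encoding.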
