There seem to be a few bugs in 7.11.0 in the Users and Employee modules:
(WAMP under windows. PHP 7.1)
passwords are not stored:
This results in being unable to login
Workaround: edit password hash directly in database.
Other potential connected issues: maybe other values are not saved correctly.
Users may be saved with duplicate usernames
Unknow potential issues may arise
Users nor Employees may be deleted
18 January 2019 15:18
Fixed here I believe
if you can please test that would be great. Thanks!
I tested the patch and it works! Now the password is saved.
There are two more problems to solve:
there is no way to delete a user
the system allows to create multiple users with the same user name
Hmm, I can’t replicate either:
You’re right there is no mass delete option (I remember this being removed for some reason) but you can delete from detail-view.
Works for me, you should get a message “The user name (“name”) already exists. Duplicate user names are not allowed. Please change the user name to be unique.”. Are you certain the names were identical?
Thanks for the assistance!
I am unable to delete Users in ListView (which would be very handy), in EditView and in DetailView (see three attached images):
No possibility to delete User in ListView:
No possibility to delete User in DetailView:
No possibility to delete User in EditView:
The only way is programmatically but it is not recommendable because there are few tables to touch.
Multiple Users with the same username
Before applying the patch for the passwords I have successfully created a few users with the same username (this is what is used for logging in).
DB table with two users with username “test_user_001”:
ListView with two users with username “test_user_001”:
The only error in the log has to do with elasticsearch failing in something repetitively (although I did not enable it) but let’s leave this to another thread!
However, after applying the patch now I get the same error message that you suggested:
“The user name test_user_001 already exists. Duplicate user names are not allowed. Please change the user name to be unique.”
I haven’t analysed the code of the patch but I remember reading somewhere that, when the password is not saved, the User is saved skipping other checks, so that could be the case.