Version 3.4.2 includes new customer password security features. These features are disabled by default but even if you do not plan to enable them, there are significant changes to processing of customer logins and there are two changes in particular you should be aware of as you upgrade, which may require action to integrate with your customizations:
CustomerGatewayDAOHibernate.processLogin: This method has been deprecated and is no longer called by
BasicCustomerProcessor.processLoginin the default implementation. It's logic has been moved to
BasicCustomerProcessor.processLogininstead, (which is a more appropriate place since it is business logic). If you have overridden this method you must either override
BasicCustomerProcessor.processLoginand call it in your subclass, or move your customizations out of your subclass of
CustomerGatewayDAOHibernate.processLoginand into a subclass for
layouts/default-html5/customer/password.jsp: The customer's current password is one of the required form elements now. If you have customized this file, be sure to add the new field to your customizations.
If you do plan to enable the new customer password security features following the upgrade you may need also to integrate changes into the following areas:
com.softslate.commerce.customer.customerpackage: Several action classes and form classes have been changed to support error handling and validation of the new customer password security features. If you plan to use the features and have subclassed any of the classes that have changed, be sure to incorporate the upgrade's changes into your subclasses.
BasicCustomerProcessor.processLogin: If you have overridden or customized this method, please note there are numerous changes.
layouts/default-html5/customer/password.jsp: In addition to above-mentioned current password field, if you have customized this file, be sure to add the new conditional that affects which action the form is submitted to. The form is used to update expired passwords now.
Struts action mapping for /Login: If you have overridden the action configuration for /Login, please note a new <forward%gt; has been added to it: <forward name="passwordHasExpired" path="/ExpiredPasswordForm.do" /%gt;. If you plan to use the expiring password feature, you'll need to add this forward to the <action%gt; element for /Login that you customized in
Struts action mappings for /CheckoutForceLogin and /CheckoutInviteLogin: Likewise, if you have overridden the action configuration for either of these URLs, please note this new <forward%gt; has been added to them: <forward name="passwordHasExpired" path="/CheckoutExpiredPasswordForm.do" /%gt;. If you plan to use the expiring password feature, you'll need to add this forward to the <action%gt; elements for /CheckoutForceLogin and/or /CheckoutInviteLogin that you customized in