From a3b391128db6001222ecf4fa5f9b731a71350417 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Thu, 11 Feb 2021 22:32:05 +0000
Subject: [PATCH]
---
 server/AyaNova/DataList/InsideUserDataList.cs | 2 +-
 server/AyaNova/biz/UserBiz.cs | 17 +++++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/server/AyaNova/DataList/InsideUserDataList.cs b/server/AyaNova/DataList/InsideUserDataList.cs
index 365b7668..4c5225b6 100644
--- a/server/AyaNova/DataList/InsideUserDataList.cs
+++ b/server/AyaNova/DataList/InsideUserDataList.cs
@@ -13,7 +13,7 @@ namespace AyaNova.DataList
 SQLFrom = "from auser left join avendor on (auser.vendorid=avendor.id)";
 var RoleSet = BizRoles.GetRoleSet(DefaultListObjectType);
 AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
- DefaultColumns = new List() { "name", "employeenumber", "active", "usertype", "lastlogin", "roles" };
+ DefaultColumns = new List() { "name", "employeenumber", "active", "usertype", "lastlogin" };
 DefaultSortBy = new Dictionary() { { "name", "+" } };
 FieldDefinitions = new List();
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 83fdc098..8d99dd5a 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -384,9 +384,11 @@ namespace AyaNova.Biz
 putObject.Tags = TagBiz.NormalizeTags(putObject.Tags);
 putObject.CustomFields = JsonUtil.CompactJson(putObject.CustomFields);
- await ValidateAsync(putObject, dbObject);
- if (HasErrors) return null;
- var OriginalSalt = dbObject.Salt;
+
+ //the salt is not sent with the put object, it's only location is in the db and since this putObject is replacing the dbObject
+ //we need to set it again here
+ putObject.Salt = dbObject.Salt;
+
 var OriginalPW = dbObject.Password;
 var OriginalLogin = dbObject.Login;
 ct.Replace(dbObject, putObject);
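Review bot: In the `UserBiz.cs` hunk at -384, `putObject.Salt = dbObject.Salt;` carries the stored salt forward unconditionally, so the password-update branch in the following hunk (`Hasher.hash(putObject.Salt, putObject.Password)`) hashes every new password under the salt of the old one. Taking the salt from the database rather than from the request is the right source, but a salt is normally regenerated whenever a password is set, so that successive hashes for one account cannot be compared or attacked with the same precomputation. If rotation is out of scope for this commit, record that next to the assignment, e.g. `//NOTE: salt is reused when the password changes; rotate it in the password-update branch`, and correct `it's only location` to `its only location` in the added comment. The enclosing method starts and ends outside the hunk.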
@@ -395,13 +397,12 @@ namespace AyaNova.Biz
 if (!string.IsNullOrWhiteSpace(putObject.Password))
 {
 //YES password is being updated:
- putObject.Password = Hasher.hash(OriginalSalt, putObject.Password);
+ putObject.Password = Hasher.hash(putObject.Salt, putObject.Password);
 }
 else
 {
 //No, use the snapshot password value
- putObject.Password = OriginalPW;
- putObject.Salt = OriginalSalt;
+ putObject.Password = OriginalPW;
 }
 //Updating login?
 if (string.IsNullOrWhiteSpace(putObject.Login))
@@ -409,6 +410,10 @@ namespace AyaNova.Biz
 //No, use the original value
 putObject.Login = OriginalLogin;
 }
+
+ await ValidateAsync(putObject, dbObject);
+ if (HasErrors) return null;
+
 try
 {
 await ct.SaveChangesAsync();
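Review bot: In the hunk at -409, `await ValidateAsync(putObject, dbObject);` now runs after `ct.Replace(dbObject, putObject)` and after `putObject.Password` has been overwritten with its hash, so validation no longer sees the request as it was submitted. Neither `ValidateAsync` nor `ct.Replace` is visible here, but if validation contains any password rule it would now be applied to the hash, and if `Replace` copies the new values onto the tracked entity, the `dbObject` argument can no longer serve as the stored baseline for change checks (a role or login change, for example). The `return null` path also appears to leave the context holding the unsaved replacement. Consider applying the salt, password and login fallbacks to `putObject` first, validating, and only then calling `ct.Replace`; at minimum add `//validation runs after Replace: dbObject may already hold the new values` above the call. The method body starts and ends outside the hunk.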