Project: eZ Publish / Platform
Issue: EZP-26168

User profile edits break change password and forgot password functionality


Details

    • Type: Bug
    • Resolution: Unresolved
    • Priority: High
    • Versions: 4.5 Maintenance, 4.6 Maintenance, 4.7 Maintenance, 2014.11, 5.4.7
    • Component: Legacy stack

    Description

      Old but nasty bug:

      When editing a user profile (using the eZUser datatype) for the first time, the state of the user login data at that point is serialized inside the ezcontentobject_attribute data_text column and copied over for every new edit/publish operation. This information is never updated from the actual corresponding ezuser record.

      The legacy kernel code in eZUserType uses this data_text column to store (unsaved and saved) draft contents, but does not clear it upon publish operations.

      The really nasty effect is that it breaks the change password and forgot password actions after a subsequent edit.

      Scenario to reproduce (using legacy):

      1) create a new User content item, assign password 'aaaa'
      2) edit user object/profile and save
      -> at this point the data_text column in ezcontentobject_attribute contains the hash corresponding to 'aaaa'

      3) clear your (brain) memory and either use the forgot password or change password actions and set the password to a new value, say 'bbbb'

      4) Log out and login again to verify you can use this 'bbbb' password

      5) Edit the User object again and save it

      6) Log out, and try to login with your new password 'bbbb' => FAILURE

      What happens at this point is that the old serialized ezuser record with the 'aaaa' password hash is inserted again into the ezuser table.

      No matter how often you change the password again, a subsequent User object edit will reset the password hash to this initial 'aaaa' value.

      Proposed Fix: clear the data_text column in the onPublish method in eZUserType.

      For historical data, i.e. existing users, the database needs to be cleaned for published versions.
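A constructed Python model of the mechanism described above (added here, not eZ Publish code): the serialized user record cached in data_text is copied into each new version and written back to ezuser on publish, and clearing it in onPublish, as the ticket proposes, stops the password reversion. Table and column names mirror the ticket; the hash function, object id and login are assumptions.

```python
import hashlib
import json


def password_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()  # constructed stand-in for ezuser.password_hash


class LegacyUserStore:
    def __init__(self, clear_on_publish: bool):
        self.clear_on_publish = clear_on_publish  # True = proposed fix applied
        self.ezuser = {}          # contentobject_id -> {"login", "password_hash"}
        self.data_text = {}       # (contentobject_id, version) -> serialized draft
        self.current_version = {}

    def create_user(self, object_id: int, login: str, password: str) -> None:
        self.ezuser[object_id] = {"login": login, "password_hash": password_hash(password)}
        self.current_version[object_id] = 1
        self.data_text[(object_id, 1)] = ""

    def edit_and_publish(self, object_id: int) -> None:
        """Edit the user profile and publish the new version."""
        old = self.current_version[object_id]
        # The new version's attribute row is copied from the previous one, data_text included.
        serialized = self.data_text[(object_id, old)]
        if not serialized:
            # First edit: the ezuser row is serialized into data_text and never refreshed.
            serialized = json.dumps(self.ezuser[object_id])
        # onPublish writes the (possibly stale) draft record back into ezuser.
        self.ezuser[object_id] = json.loads(serialized)
        if self.clear_on_publish:
            serialized = ""  # the ticket's proposed fix: clear data_text in onPublish
        self.data_text[(object_id, old + 1)] = serialized
        self.current_version[object_id] = old + 1

    def change_password(self, object_id: int, new_password: str) -> None:
        # Change/forgot password update only the ezuser row, not data_text.
        self.ezuser[object_id]["password_hash"] = password_hash(new_password)

    def login(self, object_id: int, password: str) -> bool:
        return self.ezuser[object_id]["password_hash"] == password_hash(password)


def reproduce(clear_on_publish: bool) -> bool:
    """Ticket steps 1-6; returns whether the new password 'bbbb' still logs in."""
    store = LegacyUserStore(clear_on_publish)
    store.create_user(42, "alice", "aaaa")   # 1) new user, password 'aaaa'
    store.edit_and_publish(42)               # 2) data_text now holds the 'aaaa' hash
    store.change_password(42, "bbbb")        # 3) forgot/change password -> 'bbbb'
    assert store.login(42, "bbbb")           # 4) 'bbbb' works
    store.edit_and_publish(42)               # 5) edit and save again
    return store.login(42, "bbbb")           # 6) False without the fix, True with it
```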

      People

        Assignee: Unassigned
        Reporter: pborgerm