Project

General

Profile

Actions

Defect #2410

closed

Save password from default registration form to confidential storage

Added by Petr Michal over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Marek Klement
Target version:
Start date:
07/29/2020
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

Password set in default registration form is not saved to confidential storage. Please improve this behavior for this attribute.


Files

001.png (9.57 KB) 001.png Ondřej Kopr, 07/29/2020 11:08 AM
002.png (51.8 KB) 002.png Ondřej Kopr, 07/29/2020 11:08 AM
Actions #1

Updated by Ondřej Kopr over 4 years ago

  • File 001.png 001.png added
  • File 002.png 002.png added
  • Tracker changed from Task to Defect
  • Priority changed from Normal to Immediate
  • Affected versions 2.3.0, 2.3.1, 1.2.0, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.4.0, 3.0.0 added

For new project can be used as workaround check confidential attribute in form definition and passwords will be stored in confidential storage and it will not be visible in frontend agenda:

For old project must be before change attribute to confidential removed all existing values for the password attribute, then can be attribute changed to confidential.

Actions #2

Updated by Ondřej Kopr over 4 years ago

  • Assignee changed from Ondřej Kopr to Marek Klement
Actions #3

Updated by Marek Klement over 4 years ago

  • Status changed from New to Needs feedback
  • Assignee changed from Marek Klement to Ondřej Kopr
  • Affected versions deleted (2.3.0)

Changed attribute to confidential in initialization. Can you check it? @kopro

Actions #4

Updated by Marek Klement over 4 years ago

  • Target version changed from 3.0.0 to 3.0.1
Actions #5

Updated by Ondřej Kopr over 4 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Ondřej Kopr to Marek Klement
  • % Done changed from 0 to 90
I made review. There are just some little issues:
  • update javadoc for methods = parameters are now different,
  • please add just some small test for check password attribute.

After testing I found next issue with configuration property: idm.pub.reg.attributes.password.attr

The property conaints code of form attribute, but when exists two attributes in different type with same code, the whole password behavior fails. Please fix also this issue. Thank you. There is code that needs some change:

IdmFormAttributeFilter filter = new IdmFormAttributeFilter();
filter.setCode(configuration.getPasswordAttribute());
IdmFormAttributeDto passwordFormAttribute = formAttributeService.find(filter, null).getContent().stream()
    .findFirst().orElseThrow(() -> new ResultCodeException(RegResultCode.WRONG_CONFIGURATION_DATA));

Actions #6

Updated by Marek Klement over 4 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Marek Klement to Ondřej Kopr
  • Fixed javadoc
  • Added small test for creating confidential password
  • Fixed issue with more codes found

Commit: https://git.bcvsolutions.eu/modules/reg/commit/eda83beb24dee47cb313c1becc572b56973e432b

Can you check it please @kopro ?

Actions #7

Updated by Ondřej Kopr over 4 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Ondřej Kopr to Marek Klement

Nice! Your test is very simple and effective :D Thank you for fix this horrible bug.

LGTM :)

Actions #8

Updated by Ondřej Kopr over 4 years ago

  • % Done changed from 90 to 100
Actions #9

Updated by Marek Klement over 4 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF