Defect #2410
closed
Save password from default registration form to confidential storage
100%
Description
Password set in default registration form is not saved to confidential storage. Please improve this behavior for this attribute.
Files
Updated by Ondřej Kopr over 4 years ago
- File 001.png 001.png added
- File 002.png 002.png added
- Tracker changed from Task to Defect
- Priority changed from Normal to Immediate
- Affected versions 2.3.0, 2.3.1, 1.2.0, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.4.0, 3.0.0 added
For new project can be used as workaround check confidential attribute in form definition and passwords will be stored in confidential storage and it will not be visible in frontend agenda:
For old project must be before change attribute to confidential removed all existing values for the password attribute, then can be attribute changed to confidential.
Updated by Ondřej Kopr over 4 years ago
- Assignee changed from Ondřej Kopr to Marek Klement
Updated by Marek Klement over 4 years ago
- Status changed from New to Needs feedback
- Assignee changed from Marek Klement to Ondřej Kopr
- Affected versions deleted (
2.3.0)
Changed attribute to confidential in initialization. Can you check it? @kopro
Updated by Marek Klement over 4 years ago
- Target version changed from 3.0.0 to 3.0.1
Updated by Ondřej Kopr over 4 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Ondřej Kopr to Marek Klement
- % Done changed from 0 to 90
- update javadoc for methods = parameters are now different,
- please add just some small test for check password attribute.
After testing I found next issue with configuration property: idm.pub.reg.attributes.password.attr
The property conaints code of form attribute, but when exists two attributes in different type with same code, the whole password behavior fails. Please fix also this issue. Thank you. There is code that needs some change:
IdmFormAttributeFilter filter = new IdmFormAttributeFilter();
filter.setCode(configuration.getPasswordAttribute());
IdmFormAttributeDto passwordFormAttribute = formAttributeService.find(filter, null).getContent().stream()
.findFirst().orElseThrow(() -> new ResultCodeException(RegResultCode.WRONG_CONFIGURATION_DATA));
Updated by Marek Klement over 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Marek Klement to Ondřej Kopr
- Fixed javadoc
- Added small test for creating confidential password
- Fixed issue with more codes found
Commit: https://git.bcvsolutions.eu/modules/reg/commit/eda83beb24dee47cb313c1becc572b56973e432b
Can you check it please @kopro ?
Updated by Ondřej Kopr over 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Marek Klement
Nice! Your test is very simple and effective :D Thank you for fix this horrible bug.
LGTM :)
Updated by Marek Klement over 4 years ago
- Status changed from Resolved to Closed