Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.5
-
None
-
None
-
Database: Postgres
JVM: J2DSK 1.4.02_04
OS: Redhat 9.x/Windows XPSP2
Description
UserUpdateAction re-encrypts encrypted password when secure.passwords=true
Thus making the edit user capability unusable unless the purpose was to also reset the password.
I've been throwing around something simple, such as:
services.JetspeedSecurity.secure.passwords.allowblank=true|false
UserUpdateAction.doUpdate: Null password is ok, depending on
if secure.passwords=true {
if (password != null)
else {
if secure.passwords.allowblank {
if (unsetpassword)
} else
{ // Skip, no changes } }
}
Modify user-form.vm, add a checkbox next to password (if secure.passwords.allowblank=true) eg, Unset Password