[OAK-8408] UserImporter must not trigger creation of rep:pwd node unless included in xml (initial-pw-change) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16.0
Component/s: core, security
Labels:
None

Description

when xml-importing an existing user (i.e. Tree doesn't have status NEW upon import) calling UserManagerImpl.setPassword will force the creation of the rep:pwd node and rep:passwordLastModified property contained therein if theinitial-password-change feature is enabled.

imo the rep:pwd (and any properties contained therein) must not be auto-created by should only be imported if contained in the XML.

proposed fix: UserManagerImpl.setPassword already contains special treatment for the password hashing triggered upon xml import -> renaming that flag and respect it for the handling of the pw last modified.

stillalex, wdyt?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-8408-tests.patch
19/Jun/19 06:40
30 kB
Angela Schreiber
OAK-8408.patch
19/Jun/19 06:40
5 kB
Angela Schreiber

Activity

People

Assignee:: Angela Schreiber

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Jun/19 08:39

Updated:: 28/Aug/19 13:14

Resolved:: 25/Jun/19 14:55