  1. OpenAM
  2. OPENAM-9251

Inconsistent password handling for 'user/UMChangeUserPassword' and '/idm/Entities'

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 13.0.0
    • Fix Version/s: None
    • Component/s: console
    • Labels:
      None
    • Environment:
      java version "1.8.0_31"
      Apache Tomcat 8.0.24
      OpenAM 13.0.0

      Description

      Creating a user identity via '/idm/Entities' allows a ' ' (blank) to be specified as the user password (when setting sunIdRepoAttributeValidator=minimumPasswordLength=0 in the realm-based sunIdentityRepositoryService).

      However, changing the password via 'user/UMChangeUserPassword' does not allow a ' ' (blank) to be used, as the value is trimmed in UMChangeUserPasswordViewBean.handleButton1Request:

      {code title="com.sun.identity.console.user.UMChangeUserPasswordViewBean"}
      public void handleButton1Request(RequestInvocationEvent event)
              throws ModelControlException {
          submitCycle = true;
          HttpServletRequest req = event.getRequestContext().getRequest();
          String formToken = req.getParameter(FORM_TOKEN);
          if (formToken == null || formToken.isEmpty() || !formToken.equals(getFormToken())) {
              setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", "Invalid form token");
              forwardTo();
              return;
          }

          UMChangeUserPasswordModel model = (UMChangeUserPasswordModel) getModel();
          String userId = (String) getPageSessionAttribute(EntityEditViewBean.UNIVERSAL_ID);
          if (userId == null) {
              userId = model.getUserName();
          }

          String pwd = (String) propertySheetModel.getValue(ATTR_PASSWORD);
          String reenter = (String) propertySheetModel.getValue(REENTER_PASSWORD);
          String oldPwd = (String) propertySheetModel.getValue(ATTR_OLD_PASSWORD);
          pwd = pwd.trim();
          ...
      {code}
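
      The mismatch described in this report, modeled as an added example (not OpenAM code and not part of the original issue): a creation path that stores the submitted value unchanged, a change path that trims first, and a change path that shares the creation path's validation. The class, method and store names are hypothetical, and MIN_LENGTH stands in for the minimumPasswordLength=0 setting.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class PasswordPathConsistency {
    // Assumption: stands in for sunIdRepoAttributeValidator minimumPasswordLength=0.
    static final int MIN_LENGTH = 0;

    // Hypothetical in-memory store; a real repository would hold a hash, not the value.
    static final Map<String, String> STORE = new LinkedHashMap<>();

    // One policy check for every entry point. It never alters the value.
    static String validate(String pwd) {
        if (pwd == null || pwd.length() < MIN_LENGTH) {
            throw new IllegalArgumentException("password shorter than " + MIN_LENGTH);
        }
        return pwd;
    }

    // Models the creation path: the submitted value is stored unchanged.
    static void create(String user, String pwd) {
        STORE.put(user, validate(pwd));
    }

    // Models the change path from the report: trim() runs before validation.
    static void changeTrimming(String user, String pwd) {
        STORE.put(user, validate(pwd.trim()));
    }

    // Consistent change path: same routine as create(), no trimming.
    static void changeConsistent(String user, String pwd) {
        STORE.put(user, validate(pwd));
    }

    public static void main(String[] args) {
        // Constructed sample passwords: blank, padded, and plain.
        String[] samples = {" ", " pass phrase ", "secret"};
        for (String pwd : samples) {
            create("demo", pwd);
            String created = STORE.get("demo");
            changeTrimming("demo", pwd);
            String trimmed = STORE.get("demo");
            changeConsistent("demo", pwd);
            String consistent = STORE.get("demo");
            System.out.printf("submitted=[%s] create=[%s] trimming=[%s] consistent=[%s] agree=%b%n",
                    pwd, created, trimmed, consistent, created.equals(trimmed));
        }
    }
}
```

      The rows where agree is false are the inputs for which the two entry points would store different values for the same submitted password.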

      
      

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              bthalmayr Bernhard Thalmayr