  1. OpenIDM
  2. OPENIDM-10971

Backport OPENIDM-6782: Password is re-encrypted during any managed object update/patch

    Details

      Description

      When I tried to update the email via patch, the password was re-encrypted, but it shouldn't be because I only updated the email.

      Steps to reproduce

      • Deploy and run OpenIDM. You can also change audit logging from json to csv ...
      • Create new user
        curl --header "If-None-Match: *" --header "Content-Type: application/json" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --data '{"userName": "b2tRGEhm", "telephoneNumber": "6669876987", "givenName": "rick", "description": "Just another user", "sn": "sutter", "mail": "rick@example.com", "password": "Th3Password"}' --request PUT "http://localhost:8080/openidm/managed/user/b2tRGEhm"
        
      • Update email
        curl --header "Content-Type: application/json" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --data '[{"operation":"replace","field":"mail","value":"change@patch.com"}]' --request PATCH "http://localhost:8080/openidm/managed/user/b2tRGEhm"
        
      • Open the activity audit file activity.audit.json or activity.csv from the audit folder and look at the last record.
      • Here you can see, in the before attribute, the value before changing the email
        {"userName":"b2tRGEhm","telephoneNumber":"6669876987","givenName":"rick","description":"Just another user","sn":"sutter","mail":"rick@example.com","password":{"$crypto":{"type":"x-simple-encryption","value":{"cipher":"AES/CBC/PKCS5Padding","salt":"crXF1o9CueMXRUo+PMEhMA==","data":"FoY2x480ChwIu3TxcQ3csw==","iv":"KkOov/IdfbIr8nOhT2LZJQ==","key":"openidm-sym-default","mac":"9ZRPpG0xSwsaM/iRgIgM4Q=="}}},"accountStatus":"active","effectiveRoles":[],"effectiveAssignments":[],"_id":"b2tRGEhm","_rev":"1"}
        
      • But in the after attribute you can see that two attributes changed, email and password, but the expected result is that only the email changes
        {  
           "userName":"b2tRGEhm",
           "telephoneNumber":"6669876987",
           "givenName":"rick",
           "description":"Just another user",
           "sn":"sutter",
           "mail":"change@patch.com",
           "password":{  
              "$crypto":{  
                 "type":"x-simple-encryption",
                 "value":{  
                    "cipher":"AES/CBC/PKCS5Padding",
                    "salt":"HuORw3bKOsx7Ghx8divBWA==",
                    "data":"0NIuEIESadPbW1/yMnTVsg==",
                    "iv":"pBlucs28K+FCRc5KNIoZSA==",
                    "key":"openidm-sym-default",
                    "mac":"XoYpOF8KXqd4oNB4TcJwAw=="
                 }
              }
           },
           "accountStatus":"active",
           "effectiveRoles":[  
        
           ],
           "effectiveAssignments":[  
        
           ],
           "_id":"b2tRGEhm",
           "_rev":"2",
           "roles":[  
        
           ]
        }
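
The before/after comparison in the steps above can be automated. The following is an added example, not part of the original report or of OpenIDM: it flags fields that differ between `before` and `after` although the patch request did not target them. It assumes each audit record is a JSON object with top-level `before` and `after` keys; the function names and the sample values are constructed for illustration.

```python
import json

def patched_fields(patch_ops):
    """Top-level field names targeted by a patch request body."""
    return {op["field"].lstrip("/").split("/")[0] for op in patch_ops}

def crypto_value(value):
    """Return the inner envelope of a {"$crypto": ...} value, else None."""
    if isinstance(value, dict) and "$crypto" in value:
        return value["$crypto"].get("value", {})
    return None

def unexpected_changes(record, patch_ops, ignore=("_rev",)):
    """Map each changed-but-not-patched field to a short reason."""
    before, after = record["before"], record["after"]
    skip = patched_fields(patch_ops) | set(ignore)
    findings = {}
    for field in sorted((set(before) | set(after)) - skip):
        old, new = before.get(field), after.get(field)
        if old == new:
            continue
        old_env, new_env = crypto_value(old), crypto_value(new)
        if old_env is not None and new_env is not None:
            same_key = old_env.get("key") == new_env.get("key")
            findings[field] = "re-encrypted, " + ("same key" if same_key else "key changed")
        elif field not in before:
            findings[field] = "added"
        elif field not in after:
            findings[field] = "removed"
        else:
            findings[field] = "modified"
    return findings

def envelope(salt, data, iv, mac):  # constructed values, not real ciphertext
    return {"$crypto": {"type": "x-simple-encryption", "value": {
        "cipher": "AES/CBC/PKCS5Padding", "salt": salt, "data": data,
        "iv": iv, "key": "openidm-sym-default", "mac": mac}}}

# Constructed audit line modelled on the before/after records in this report.
SAMPLE_LINE = json.dumps({
    "before": {"_id": "b2tRGEhm", "_rev": "1", "mail": "rick@example.com",
               "password": envelope("c2FsdDE=", "ZGF0YTE=", "aXYx", "bWFjMQ==")},
    "after": {"_id": "b2tRGEhm", "_rev": "2", "mail": "change@patch.com", "roles": [],
              "password": envelope("c2FsdDI=", "ZGF0YTI=", "aXYy", "bWFjMg==")},
})
PATCH = [{"operation": "replace", "field": "mail", "value": "change@patch.com"}]

if __name__ == "__main__":
    print(unexpected_changes(json.loads(SAMPLE_LINE), PATCH))
```

Because each encryption uses a fresh salt and IV, a differing envelope does not show whether the plaintext changed; a finding only means the stored value was rewritten by a request that did not target that field.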
        

              People

              • Assignee: Mark Offutt (mark.offutt)
              • Reporter: Mark Offutt (mark.offutt)
              • QA Assignee: Jakub Janoska