OPENIDM-11068

Internal User authentication failing when using "encrypt" instead of "hash" in router.json

Description

Since the commits made for OPENIDM-10885, internal user authentication fails when using "encrypt" instead of "hash" in router.json.

Steps to reproduce:

1) Unzip OpenIDM.

2) Update router.json to use encrypt instead of hash for the password of internal users.
Change:

    {
      "pattern" : "internal/user((/.+)|$)",
      "onRequest" : {
        "type" : "text/javascript",
        "source" : "request.content.password = require('crypto').hash(request.content.password);"
      },
      "methods" : [
        "create",
        "update"
      ]
    }

into:

    {
      "pattern" : "internal/user((/.+)|$)",
      "onRequest" : {
        "type" : "text/javascript",
        "source" : "request.content.password = require('crypto').encrypt(request.content.password);"
      },
      "methods" : [
        "create",
        "update"
      ]
    }

3) Start OpenIDM.

4) On startup, the passwords of the internal users are not encrypted.
So we update the openidm-admin user to see whether the password gets encrypted, but the request fails:

    curl --header "Content-Type: application/json" \
         --header "X-OpenIDM-Username: openidm-admin" \
         --header "X-OpenIDM-Password: openidm-admin" \
         --header "If-Match: *" \
         --request PUT \
         --data '{ "roles": [ {"_ref":"internal/role/openidm-admin"}, {"_ref":"internal/role/openidm-authorized"} ], "password": "Passw0rd" }' \
         "http://localhost:8080/openidm/internal/user/openidm-admin"
    {
      "code": 401,
      "reason": "Unauthorized",
      "message": "Access Denied"
    }

Notes:

This use case works OK when we leave the default "hash": we can update openidm-admin and we see the password got hashed.
This was working OK with "encrypt" before the merge for OPENIDM-10885: we could update openidm-admin and we saw the password got encrypted.
Pyforge command to check for the failure/fix:

    ./run-pybot.py --suite auth*.interna.encry --test admin_query_users_with_valid_credentials OpenIDM
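As an added example (not OpenIDM's code and not from the reporter), the following Node.js script audits a router.json-style configuration for the crypto transform applied to internal user passwords, and generalizes the check to any resource path and request method so a rule that does not cover "create" or "update" is reported too. It assumes router.json keeps its rules in a top-level "filters" array whose "pattern" is a regular expression matched against the whole resource path and whose "methods" lists the methods the rule applies to; the two sample configurations are constructed inline from the snippets above.

```javascript
// Added example, not OpenIDM's own code: audit which crypto transform a
// router.json-style config applies to internal user passwords.
// Assumptions: rules live in a top-level "filters" array, "pattern" is a regex
// matched against the whole resource path, "methods" lists applicable methods.

// Constructed sample configs: the "hash" rule from the report and the
// "encrypt" rule the report switches to.
function routerWithTransform(fn) {
  return JSON.stringify({
    filters: [
      {
        pattern: "internal/user((/.+)|$)",
        onRequest: {
          type: "text/javascript",
          source: "request.content.password = require('crypto')." + fn +
                  "(request.content.password);"
        },
        methods: ["create", "update"]
      }
    ]
  });
}
const ROUTER_HASH = routerWithTransform("hash");
const ROUTER_ENCRYPT = routerWithTransform("encrypt");

// Return the first filter whose pattern matches the resource path for the
// given method, or null when no rule applies (the password would then be
// stored exactly as it was sent).
function findRule(routerJsonText, resourcePath, method) {
  const config = JSON.parse(routerJsonText);
  for (const rule of config.filters || []) {
    const methodMatches = !rule.methods || rule.methods.includes(method);
    // Anchor the pattern so "internal/user" does not also match "internal/userX".
    const pathMatches = new RegExp("^(?:" + rule.pattern + ")$").test(resourcePath);
    if (methodMatches && pathMatches) return rule;
  }
  return null;
}

// Extract the crypto function name applied to request.content.password in the
// onRequest script, e.g. "hash" or "encrypt"; null if none is found.
function passwordTransform(rule) {
  if (!rule || !rule.onRequest || typeof rule.onRequest.source !== "string") return null;
  const m = /require\('crypto'\)\.(\w+)\(\s*request\.content\.password\s*\)/
    .exec(rule.onRequest.source);
  return m ? m[1] : null;
}

// Audit internal user password handling on create and update. "hash" is the
// shipped default and the only setting this report confirms still
// authenticates after OPENIDM-10885, so anything else is flagged (ok: false).
function auditInternalUserPassword(routerJsonText) {
  const findings = [];
  for (const method of ["create", "update"]) {
    const rule = findRule(routerJsonText, "internal/user/openidm-admin", method);
    const transform = passwordTransform(rule);
    findings.push({ method, transform, ok: transform === "hash" });
  }
  return { transform: findings[0].transform, ok: findings.every(f => f.ok), findings };
}

console.log(JSON.stringify(auditInternalUserPassword(ROUTER_HASH)));
console.log(JSON.stringify(auditInternalUserPassword(ROUTER_ENCRYPT)));
```

Run it with node against a real router.json by passing the file contents to auditInternalUserPassword. The "encrypt" variant comes back with ok set to false because, per this report, that is the setting that stops internal users authenticating since OPENIDM-10885; a missing rule (transform null) is flagged the same way, since the password would then be stored unprotected.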

People

Assignee: Jon Branch (jbranch)
Reporter: Laurent Bristiel (laurent.bristiel) (Inactive)