  1. OpenIDM
  2. OPENIDM-9454

With an explicit mapping in a MySQL repo, you cannot create a managed user with a password longer than 13 characters

    Details

      Description

      Steps to reproduce:

      1) Launch OpenIDM with an explicit mapping and a MySQL configuration.
      So we use the files:

      • openidm/db/mysql/conf/repo.jdbc-mysql-explicit-managed-user.json
      • openidm/db/mysql/scripts/sample-explicit-managed-user.sql

      2) Try to create a managed user with a password of 14 chars ("Th3Password234")

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"userName":"bill","givenName":"bill","sn":"doe","telephoneNumber":"12345678","mail":"bill@door.com","password":"Th3Password234"}' http://localhost:8080/openidm/managed/user/bill  | jq '.'
      {
        "code": 500,
        "reason": "Internal Server Error",
        "message": "Creating object failed after 1 attempts (1406-22001): Data truncation: Data too long for column 'password' at row 1"
      }
      

      => this is not good as 14 chars is not that long for a (safe) password

      Note that with 13 chars it works OK:

      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --request PUT --data '{"userName":"bill","givenName":"bill","sn":"doe","telephoneNumber":"12345678","mail":"bill@door.com","password":"Th3Password23"}' http://localhost:8080/openidm/managed/user/bill  | jq '.'
      {
        "_id": "bill",
        "_rev": "0",
         (...)
      }
      

      My quick analysis: the "password" column in sample-explicit-managed-user.sql is defined as VARCHAR(255)

      CREATE  TABLE IF NOT EXISTS `openidm`.`managed_user` (
          `objectid` VARCHAR(38) NOT NULL,
          `rev` VARCHAR(38) NOT NULL,
          `userName` VARCHAR(255),
          `password` VARCHAR(255),
      

      But the password column will contain an encrypted version of the password ({"$crypto":{"type":"x-simple-encryption","value":{"cipher":"A...)
      Looks like a password of 13 chars will be encrypted in a string of 246 chars => fits in 255
      and a password of 14 chars will be encrypted in a string of 266 chars => does not fit in 255
      => we should extend the size of this column
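A sizing model for the jump from 246 to 266 characters reported above, as an added example that is not part of the original report or of OpenIDM's code. It assumes the stored value is a base64 ciphertext of the JSON-quoted password under a 16-byte block cipher with PKCS#5/7 padding, plus a fixed 222-character envelope; both are assumptions calibrated from the two figures in the description.

```python
import json

BLOCK = 16  # assumed cipher block size in bytes (AES)

# Assumption: envelope characters other than the base64 ciphertext are constant.
# Calibrated from the report: 246 stored chars for 13 chars, where the
# ciphertext is one block (24 base64 chars), so 246 - 24 = 222.
ENVELOPE_OVERHEAD = 222


def ciphertext_b64_len(password: str) -> int:
    """Base64 length of the padded ciphertext for a JSON-quoted password."""
    # Assumption: the plaintext is the JSON string, i.e. includes both quotes.
    plaintext = json.dumps(password, ensure_ascii=False).encode("utf-8")
    # PKCS#5/7 always pads, so an exact multiple of BLOCK gains a full block.
    padded = (len(plaintext) // BLOCK + 1) * BLOCK
    return 4 * ((padded + 2) // 3)


def stored_len(password: str) -> int:
    """Characters the password column must hold for this password."""
    return ENVELOPE_OVERHEAD + ciphertext_b64_len(password)


def max_ascii_password_len(column_width: int) -> int:
    """Longest ASCII password that fits the column, or -1 if none fits."""
    if stored_len("") > column_width:
        return -1
    n = 0
    while stored_len("a" * (n + 1)) <= column_width:
        n += 1
    return n


def required_column_width(max_chars: int) -> int:
    """Column width for max_chars characters of 4-byte UTF-8 each.

    Characters that JSON escapes (control characters) are not modelled.
    """
    return stored_len("\U0001F511" * max_chars)


if __name__ == "__main__":
    for pw in ("Th3Password23", "Th3Password234"):  # passwords from the report
        print(len(pw), stored_len(pw))
    print("VARCHAR(255) holds up to", max_ascii_password_len(255), "ASCII chars")
    print("64-char policy needs", required_column_width(64), "chars")
```

Under these assumptions the 13-character limit is the point where the quoted plaintext reaches 16 bytes and padding adds a second cipher block.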

              People

              • Assignee:
                katie.gonzalez Katie Gonzalez
                Reporter:
                laurent.bristiel Laurent Bristiel [X] (Inactive)