[OPENAM-9251] Inconsistent password handling for 'user/UMChangeUserPassword' and '/idm/Entities' Created: 27/Jun/16  Updated: 20/Nov/16  Resolved: 29/Jun/16

Status: Resolved
Project: OpenAM
Component/s: console
Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 13.0.0
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Bernhard Thalmayr Assignee: Peter Major [X] (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

java version "1.8.0_31"
Apache Tomcat 8.0.24
OpenAM 13.0.0


Rank: 1|hzrp5r:
Support Ticket IDs:

 Description   

Creating a user identity via '/idm/Entities' allows specifying a ' ' (blank) as the user password (setting sunIdRepoAttributeValidator=minimumPasswordLength=0 in realm-based sunIdentityRepositoryService).

However, changing the password via 'user/UMChangeUserPassword' does not allow using a ' ' (blank), as the value is trimmed in UMChangeUserPasswordViewBean.handleButton1Request:

{code title="com.sun.identity.console.user.UMChangeUserPasswordViewBean"}
public void handleButton1Request(RequestInvocationEvent event)
        throws ModelControlException {
    submitCycle = true;
    HttpServletRequest req = event.getRequestContext().getRequest();
    String formToken = req.getParameter(FORM_TOKEN);
    if (formToken == null || formToken.isEmpty() || !formToken.equals(getFormToken())) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", "Invalid form token");
        forwardTo();
        return;
    }

    UMChangeUserPasswordModel model = (UMChangeUserPasswordModel) getModel();
    String userId = (String) getPageSessionAttribute(EntityEditViewBean.UNIVERSAL_ID);
    if (userId == null) {
        userId = model.getUserName();
    }

    String pwd = (String) propertySheetModel.getValue(ATTR_PASSWORD);
    String reenter = (String) propertySheetModel.getValue(REENTER_PASSWORD);
    String oldPwd = (String) propertySheetModel.getValue(ATTR_OLD_PASSWORD);
    // The new password is trimmed here, so a ' ' (blank) value becomes empty.
    pwd = pwd.trim();
    ...
{code}
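The mismatch described above, as an added example that is not OpenAM code: it runs the same submitted values through a verbatim path (modelling '/idm/Entities') and a trimming path (modelling the console form), and goes beyond the single blank case to show padded values and a non-breaking space. The class, the method names, the sample inputs and the length check standing in for minimumPasswordLength are all assumptions made for illustration.

```java
import java.util.Objects;

// Added illustration; every name here is hypothetical, none is an OpenAM API.
public class PasswordInputConsistency {

    /** Models the create path from the report: the value is used verbatim. */
    static String createPathValue(String submitted) {
        return submitted;
    }

    /** Models the console change path: the new password is trimmed first. */
    static String changePathValue(String submitted) {
        return submitted.trim();
    }

    /** Stand-in for a minimumPasswordLength check applied to the value a path keeps. */
    static boolean meetsMinimumLength(String value, int minimumPasswordLength) {
        return value.length() >= minimumPasswordLength;
    }

    /** True when the two entry points would keep different values for one input. */
    static boolean pathsDiverge(String submitted) {
        return !Objects.equals(createPathValue(submitted), changePathValue(submitted));
    }

    public static void main(String[] args) {
        // Constructed sample inputs: blank, plain, padded, inner space, non-breaking space.
        String[] samples = { " ", "secret", " secret ", "se cret", "\u00A0" };
        int minimumPasswordLength = 1; // assumed policy value for the comparison

        for (String s : samples) {
            String created = createPathValue(s);
            String changed = changePathValue(s);
            // String.trim() strips only characters <= U+0020, so U+00A0 survives it.
            System.out.printf(
                "input=[%s] create=[%s] okCreate=%b change=[%s] okChange=%b diverge=%b%n",
                s, created, meetsMinimumLength(created, minimumPasswordLength),
                changed, meetsMinimumLength(changed, minimumPasswordLength),
                pathsDiverge(s));
        }
    }
}
```

With a minimum length of 1, the blank value passes the check on the verbatim path and fails it on the trimming path, and a padded value such as ' secret ' is kept differently by each path.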




 Comments   
Comment by Peter Major [X] (Inactive) [ 29/Jun/16 ]

The legacy JATO pages are unlikely to get fixes for edge cases like these. Please open a new issue if this problem exists with the XUI as well.

Generated at Wed Mar 03 21:18:18 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.