You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/05/15 12:19:00 UTC
[jira] [Commented] (SYNCOPE-1563) User approval update should send
the password only when requested
[ https://issues.apache.org/jira/browse/SYNCOPE-1563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17108226#comment-17108226 ]
ASF subversion and git services commented on SYNCOPE-1563:
----------------------------------------------------------
Commit 6b7d561bf5111146cccd8b0259a1c8f108f295ad in syncope's branch refs/heads/2_1_X from Andrea Patricelli
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=6b7d561 ]
[SYNCOPE-1563] Fixed password mangement in user approval form (#188)
* [SYNCOPE-1563] Do not initialize user approval form with the password taken from workflow
> User approval update should send the password only when requested
> -----------------------------------------------------------------
>
> Key: SYNCOPE-1563
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1563
> Project: Syncope
> Issue Type: Bug
> Components: console
> Affects Versions: 2.1.6
> Reporter: Andrea Patricelli
> Assignee: Andrea Patricelli
> Priority: Major
> Fix For: 2.1.7, 3.0.0
>
>
> 1. Create an user approval request (through enduser by assigning groupForWorkflowApproval for example).
> 2. Login into console as an approver, claim and edit the request.
> 3. If you submit the form the password is added to the payload and a PasswordPatch is ever created with value the hased password taken from UserTO stored into the workflow.
> This also affects the mustChangePassword flag, that, if true for the UserTO under approval, is set to false (because password ever changes).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)