Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-11801

ResetPassword feature is broken by password salting

    Details

    • Tests:
      Integration
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      The resetpassword feature has been broken by the salting of passwords implemented in XWIKI-5261

      The verification of the string passed in the email is not working anymore.

      The following velocity macro works instead:

      #**
       * Verify that the request parameters are valid.
       * @param userName The user name (full document name) received in the URL.
       * @param validationString The unencrypted key that is stored in the ResetPasswordRequestClass object.
       * @param result A boolean where the validation result is returned. True if the request is valid, false otherwise.
       *#
      #macro(verifyRequest $userName $validationString $isValid)
        #set ($isValid = false)
        #if ($validationString != '' && $userName != '')
          ##encrypt($validationString $result)
          ##set ($encryptedValidationString = $result)
          #set ($currentString = $!xwiki.getDocumentAsAuthor($userName).getObject($verifClass).getProperty('verification').getValue())
          #set ($field = $xwiki.getClass($verifClass).getXWikiClass().get('verification'))
          #set ($encryptedValidationString = $field.getEquivalentPassword($currentString, $validationString))     
          #if ($currentString == $encryptedValidationString)
            #set ($isValid = true)
          #end
        #end
      #end
      

      The encrypt macro is not needed anymore

        Attachments

          Activity

            People

            • Assignee:
              enygma Eduard Moraru
              Reporter:
              ludovic Ludovic Dubost
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: