Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12561

Can't compare two XWikiDocument with password property initialized with a clear password anymore

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.3-milestone-2, 6.2.3
    • Fix Version/s: None
    • Component/s: Old Core
    • Labels:
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Since XWIKI-5261 when you set or import a clear password in a XWikiDocument it's "salted".

      This means that the following

      {{groovy}}
      doc1 = new com.xpn.xwiki.doc.XWikiDocument()
      doc1.newObject('XWiki.XWikiUsers', xcontext.context)
      doc2 = doc1.clone()
      
      println doc1.equals(doc2)
      
      password = "password"
      
      doc1.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)
      doc2.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)
      
      println doc1.equals(doc2)
      {{/groovy}}
      

      now gives

      true
      false
      

      Same issue with a XWikiDocument you would import twice from a XAR containing clear passwords (this is what caused XE-1499).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: