Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 6.3-milestone-2, 6.2.3
-
Fix Version/s: None
-
Component/s: Old Core
-
Labels:
-
Difficulty:Unknown
-
Similar issues:
Description
Since XWIKI-5261 when you set or import a clear password in a XWikiDocument it's "salted".
This means that the following
{{groovy}} doc1 = new com.xpn.xwiki.doc.XWikiDocument() doc1.newObject('XWiki.XWikiUsers', xcontext.context) doc2 = doc1.clone() println doc1.equals(doc2) password = "password" doc1.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context) doc2.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context) println doc1.equals(doc2) {{/groovy}}
now gives
true false
Same issue with a XWikiDocument you would import twice from a XAR containing clear passwords (this is what caused XE-1499).
Attachments
Issue Links
- is related to
-
XE-1499 Conflict on Admin user when upgrading from 6.4.4 to 7.1.1
-
- Closed
-