Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12561

Can't compare two XWikiDocument with password property initialized with a clear password anymore

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.3-milestone-2, 6.2.3
    • Fix Version/s: None
    • Component/s: Old Core
    • Labels:
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Since XWIKI-5261 when you set or import a clear password in a XWikiDocument it's "salted".

      This means that the following

      {{groovy}}
doc1 = new com.xpn.xwiki.doc.XWikiDocument()
doc1.newObject('XWiki.XWikiUsers', xcontext.context)
doc2 = doc1.clone()

println doc1.equals(doc2)

password = "password"

doc1.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)
doc2.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)

println doc1.equals(doc2)
{{/groovy}}

      now gives

      true
false

      Same issue with a XWikiDocument you would import twice from a XAR containing clear passwords (this is what caused XE-1499).

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. XE-1499 Conflict on Admin user when upgrading from 6.4.4 to 7.1.1

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: