Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12561

Can't compare two XWikiDocument with password property initialized with a clear password anymore

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 6.3-milestone-2, 6.2.3
    • Old Core
    • Unknown

    Description

      Since XWIKI-5261 when you set or import a clear password in a XWikiDocument it's "salted".

      This means that the following

      {{groovy}}
doc1 = new com.xpn.xwiki.doc.XWikiDocument()
doc1.newObject('XWiki.XWikiUsers', xcontext.context)
doc2 = doc1.clone()

println doc1.equals(doc2)

password = "password"

doc1.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)
doc2.getObject('XWiki.XWikiUsers').set('password', password, xcontext.context)

println doc1.equals(doc2)
{{/groovy}}

      now gives

      true
false

      Same issue with a XWikiDocument you would import twice from a XAR containing clear passwords (this is what caused XE-1499).

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. XE-1499 Conflict on Admin user when upgrading from 6.4.4 to 7.1.1

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-5261 Password hashes dumpable

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: