Details
-
Bug
-
Resolution: Unresolved
-
Neutral
-
None
-
6.2.20
-
None
-
-
Empty show more show less
Description
When creating a custom Java validator for the password and configuring it with a decoration like this:
form:
tabs:
user:
fields:
pswd:
# https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/List-of-fields/Password-field.html
# Tip: You can add custom field validators to define your own password policy such as minimum length and character types.
# https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/Field-validators.html
validators:
passwordGuidelineValidator:
class: de.apobank.corporate.validators.PasswordGuidelineValidatorDefinition
errorMessage: security-app.user.user.pswd.validation.errorMessage
The validator doesn't seem to receive the parameter correctly and tries to validate an empty value.
This affects the old Security app, where the validate method of PasswordFields doesn't seem to set the password as a parameter to validate correctly.
The client provided a workaround replacing the "super.validate()" call with this:
//////////////////////////////////////
// START: TAKEN FROM super.validate();
if (this.isRequired() && this.isEmpty()) {
throw new Validator.EmptyValueException(super.getRequiredError());
} else {
// START: change
String fieldValue = super.getValue();
if (fieldValue == null) {
super.validate(passwordField.getValue()); // We want the new password of a newly created user
} else {
if (isBcryptHashValue(fieldValue)) {
log.info("Skipping password validation (as we got a bcrypt hash value). Password was not changed.");
} else {
super.validate(fieldValue);
}
}
// END: change
}
// END: TAKEN FROM super.validate();
////////////////////////////////////
Checklists
Acceptance criteria