SECURITY-84

Custom password validator is called without passing password value


Details

    • Bug
    • Resolution: Unresolved
    • Neutral
    • None
    • 6.2.20
    • None

    Description

      When creating a custom Java validator for the password and configuring it with a decoration like this:

       

      form:
        tabs:
          user:
            fields:
              pswd:
                # https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/List-of-fields/Password-field.html
                # Tip: You can add custom field validators to define your own password policy such as minimum length and character types.
                # https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/Field-validators.html
                validators:
                  passwordGuidelineValidator:
                    class: de.apobank.corporate.validators.PasswordGuidelineValidatorDefinition
                    errorMessage: security-app.user.user.pswd.validation.errorMessage 

      The validator doesn't seem to receive the parameter correctly and tries to validate an empty value.

       

      This affects the old Security app, where the validate method of PasswordFields doesn't seem to set the password as a parameter to validate correctly.

      The client provided a workaround replacing the "super.validate()" call with this:

          //////////////////////////////////////
          // START: TAKEN FROM super.validate();
          if (this.isRequired() && this.isEmpty()) {
              throw new Validator.EmptyValueException(super.getRequiredError());
          } else {
              // START: change
              String fieldValue = super.getValue();
              if (fieldValue == null) {
                  super.validate(passwordField.getValue()); // We want the new password of a newly created user
              } else {
                  if (isBcryptHashValue(fieldValue)) {
                      log.info("Skipping password validation (as we got a bcrypt hash value). Password was not changed.");
                  } else {
                      super.validate(fieldValue);
                  }
              }
              // END: change
          }
          // END: TAKEN FROM super.validate();
          //////////////////////////////////// 
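
The workaround above calls `isBcryptHashValue(...)`, but its body is not shown in the issue. The following is an added sketch of that helper and of the decision about which value reaches the policy validator; it is not the client's code or Magnolia API. The class name, `valueToValidate`, and the sample strings are assumptions.

```java
import java.util.Arrays;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added illustration; class and method names are hypothetical, not Magnolia API. */
public class PasswordValidationTarget {

    // Modular-crypt bcrypt string: $2a$/$2b$/$2x$/$2y$ (or legacy $2$), a two-digit
    // cost, then 22 salt + 31 digest characters from the bcrypt base64 alphabet.
    private static final Pattern BCRYPT =
            Pattern.compile("^\\$2[abxy]?\\$\\d{2}\\$[./A-Za-z0-9]{53}$");

    static boolean isBcryptHashValue(String value) {
        return value != null && BCRYPT.matcher(value).matches();
    }

    /**
     * Mirrors the branches of the workaround: returns the string the policy
     * validator should see, or empty when the field still holds a stored hash.
     */
    static Optional<String> valueToValidate(String fieldValue, String typedPassword) {
        if (fieldValue == null) {
            // New user: validate what was typed. A null is passed on as "" so
            // that the policy still runs instead of being skipped.
            return Optional.of(typedPassword == null ? "" : typedPassword);
        }
        if (isBcryptHashValue(fieldValue)) {
            return Optional.empty();       // unchanged password: nothing to validate
        }
        return Optional.of(fieldValue);    // changed password: validate the new text
    }

    public static void main(String[] args) {
        // Constructed sample values; the hash-shaped string is filler, not a real hash.
        char[] filler = new char[53];
        Arrays.fill(filler, 'A');
        String hashShaped = "$2a$12$" + new String(filler);

        System.out.println(valueToValidate(null, "typed-by-admin"));
        System.out.println(valueToValidate(hashShaped, null));
        System.out.println(valueToValidate("short", null));
        System.out.println(valueToValidate("$2a$12$tooShort", null));
    }
}
```

The check looks at shape only, so it cannot tell an unchanged stored hash from newly typed text of the same shape; comparing the field value against the hash loaded for the user is the stricter test.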

            People

              Unassigned Unassigned
              rgaona Roberto Gaona