<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 10:47:44 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[SECURITY-84] Custom password validator is called without passing password value</title>
                <link>https://jira.magnolia-cms.com/browse/SECURITY-84</link>
                <project id="17481" key="SECURITY">Security</project>
                    <description>&lt;p&gt;When creating a custom Java validator for the password and configuring it with a decoration like this:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
form:
  tabs:
    user:
      fields:
        pswd:
          # https:&lt;span class=&quot;code-comment&quot;&gt;//docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/List-of-fields/Password-field.html
&lt;/span&gt;          # Tip: You can add custom field validators to define your own password policy such as minimum length and character types.
          # https:&lt;span class=&quot;code-comment&quot;&gt;//docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Dialog-definition/Field-definition/Field-validators.html
&lt;/span&gt;          validators:
            passwordGuidelineValidator:
              class: de.apobank.corporate.validators.PasswordGuidelineValidatorDefinition
              errorMessage: security-app.user.user.pswd.validation.errorMessage &lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;The validator doesn&apos;t seem to receive the parameter correctly and tries to validate an empty value.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;This affects the old Security app, where the &lt;a href=&quot;https://git.magnolia-cms.com/projects/PLATFORM/repos/ui.pub/browse/magnolia-ui-framework-compatibility/src/main/java/info/magnolia/ui/form/field/PasswordFields.java#131&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;validate&lt;/a&gt; method of PasswordFields doesn&apos;t seem to set the password as a parameter to validate correctly.&lt;/p&gt;

&lt;p&gt;The client provided a workaround replacing the &quot;super.validate()&quot; call with this:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
    &lt;span class=&quot;code-comment&quot;&gt;//////////////////////////////////////
&lt;/span&gt;    &lt;span class=&quot;code-comment&quot;&gt;// START: TAKEN FROM &lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.validate();
&lt;/span&gt;    &lt;span class=&quot;code-keyword&quot;&gt;if&lt;/span&gt; (&lt;span class=&quot;code-keyword&quot;&gt;this&lt;/span&gt;.isRequired() &amp;amp;&amp;amp; &lt;span class=&quot;code-keyword&quot;&gt;this&lt;/span&gt;.isEmpty()) {
        &lt;span class=&quot;code-keyword&quot;&gt;throw&lt;/span&gt; &lt;span class=&quot;code-keyword&quot;&gt;new&lt;/span&gt; Validator.EmptyValueException(&lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.getRequiredError());
    } &lt;span class=&quot;code-keyword&quot;&gt;else&lt;/span&gt; {
        &lt;span class=&quot;code-comment&quot;&gt;// START: change
&lt;/span&gt;        &lt;span class=&quot;code-object&quot;&gt;String&lt;/span&gt; fieldValue = &lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.getValue();
        &lt;span class=&quot;code-keyword&quot;&gt;if&lt;/span&gt; (fieldValue == &lt;span class=&quot;code-keyword&quot;&gt;null&lt;/span&gt;) {
            &lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.validate(passwordField.getValue()); &lt;span class=&quot;code-comment&quot;&gt;// We want the &lt;span class=&quot;code-keyword&quot;&gt;new&lt;/span&gt; password of a newly created user
&lt;/span&gt;        } &lt;span class=&quot;code-keyword&quot;&gt;else&lt;/span&gt; {
            &lt;span class=&quot;code-keyword&quot;&gt;if&lt;/span&gt; (isBcryptHashValue(fieldValue)) {
                log.info(&lt;span class=&quot;code-quote&quot;&gt;&quot;Skipping password validation (as we got a bcrypt hash value). Password was not changed.&quot;&lt;/span&gt;);
            } &lt;span class=&quot;code-keyword&quot;&gt;else&lt;/span&gt; {
                &lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.validate(fieldValue);
            }
        }
        &lt;span class=&quot;code-comment&quot;&gt;// END: change
&lt;/span&gt;    }
    &lt;span class=&quot;code-comment&quot;&gt;// END: TAKEN FROM &lt;span class=&quot;code-keyword&quot;&gt;super&lt;/span&gt;.validate();
&lt;/span&gt;    &lt;span class=&quot;code-comment&quot;&gt;//////////////////////////////////// &lt;/span&gt;&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="145978">SECURITY-84</key>
            <summary>Custom password validator is called without passing password value</summary>
                <type id="1" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10883&amp;avatarType=issuetype">Bug</type>
                                            <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="1" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="rgaona">Roberto Gaona</reporter>
                        <labels>
                    </labels>
                <created>Fri, 9 Feb 2024 08:31:42 +0100</created>
                <updated>Fri, 9 Feb 2024 08:32:03 +0100</updated>
                                            <version>6.2.20</version>
                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10040">
                    <name>causality</name>
                                                                <inwardlinks description="is causing">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>rgaona</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>rgaona</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y0c1es:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_13933" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Urgency (resolution)</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="15724"><![CDATA[Normal]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>