jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominique Jäggi (JIRA) <j...@apache.org>
Subject [jira] [Updated] (OAK-1943) UserImporter doesn't import protected rep:passwordLastModified
Date Fri, 04 Jul 2014 12:07:33 GMT

     [ https://issues.apache.org/jira/browse/OAK-1943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dominique Jäggi updated OAK-1943:
---------------------------------

    Attachment: OAK-1934_-_added_one_more_test.patch

[~anchela], added one more test via [^OAK-1934_-_added_one_more_test.patch] - it checks that
expiry props are still there if a user is overwritten via import, the XML of which doesn't
contain an expiry prop.

i added the following to the feature documentation:
{noformat}
When users are imported via the Oak JCR XML importer, the expiry relevant nodes and property
are supported. If the XML specifies a rep:pwd node and optionally a rep:passwordLastModified
property, these are imported, irrespective of the password expiry or force initial password
change being enabled. If they're enabled, the imported property will be used in the normal
login process as described above. If not enabled, the imported property will have no effect.
On the other hand, if the imported user already exists, potentially existing rep:passwordLastModified
properties will be overwritten with the value from the import. If password expiry is enabled,
this may cause passwords to expire earlier or later than anticipated, governed by the new
value. Also, an import may create such a property where none previously existed, thus effectively
cancelling the need to change the password on first login - if the feature is enabled.
Therefore customers using the importer in such fashion should be aware of the potential need
to enable password expiry/force initial password change for the imported data to make sense,
and/or the effect on already existing/overwritten data.
{noformat}

regarding importing when expiry is disabled: if the expiry property is imported and the feature
is disabled, the property is essentially dead weight, as it is neither read nor updated upon
password change. Conversely, if the feature is suddenly enabled, the data is already there
and can be used. The only change required for that to work, could be: in UserManager#setPassword,
if the property already exists, update it irrespective of the feature being enabled. 

WDYT?

> UserImporter doesn't import protected rep:passwordLastModified
> --------------------------------------------------------------
>
>                 Key: OAK-1943
>                 URL: https://issues.apache.org/jira/browse/OAK-1943
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.1
>            Reporter: angela
>             Fix For: 1.1
>
>         Attachments: OAK-1934_-_added_one_more_test.patch
>
>
> while writing a dedicated test case for user import along with OAK-1922 [~djaeggi] found
that the rep:passwordLastModified is not being imported.
> in order not to block the initial feature request, we decided to move that in a separate
issue and ignore the corresponding test with an corresponding link to this issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message