syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SYNCOPE-1293) Make "token" field searchable again
Date Wed, 04 Apr 2018 12:11:00 GMT

     [ https://issues.apache.org/jira/browse/SYNCOPE-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Francesco Chicchiriccò updated SYNCOPE-1293:
--------------------------------------------
    Description: 
Reset password notification may contain "about" value with a "filter" property.
 And "token" field of a "UserTO" may be used in a fiql query of password reset notification.
 E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity which is a
part of JPANotification entity.

If token field is not searchable for UserTO object, then SearchCondVisitor#createAttributeCond(final
String schema) creates AttributeCond object instead of AnyCond object, and therefore NotificationManagerImpl
skips password reset notification and doesn't process it correctly (look at [NotificationManagerImpl|https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java#L344]).

  was:
Reset password notification may contain "about" value with a "filter" property.
 And "token" field of a "UserTO" may be used in a fiql query of password reset notification.
 E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity which is a
part of JPANotification entity.

If token field is not searchable for UserTO object, then SearchCondVisitor#createAttributeCond(final
String schema) creates AttributeCond object instead of AnyCond object, and therefore NotificationManagerImpl
skips password reset notification and doesn't process it correctly (look at line 344 in [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java]).

Link to conversation in git:
 [https://github.com/apache/syncope/commit/7b168c142b09c3b03e39f1449211e7ddf026a14d]


> Make "token" field searchable again
> -----------------------------------
>
>                 Key: SYNCOPE-1293
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1293
>             Project: Syncope
>          Issue Type: Bug
>          Components: common
>    Affects Versions: 2.0.8
>            Reporter: DmitriyB.
>            Priority: Minor
>             Fix For: 2.0.9, 2.1.0
>
>
> Reset password notification may contain "about" value with a "filter" property.
>  And "token" field of a "UserTO" may be used in a fiql query of password reset notification.
>  E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity which
is a part of JPANotification entity.
> If token field is not searchable for UserTO object, then SearchCondVisitor#createAttributeCond(final
String schema) creates AttributeCond object instead of AnyCond object, and therefore NotificationManagerImpl
skips password reset notification and doesn't process it correctly (look at [NotificationManagerImpl|https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java#L344]).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message