stable
Clone or download
Read-only
As of today this situation can happen when a user has been automatically registered after a sign in with an OIDC provider marked as being the only authentication method. With upcoming contributions it will also be the case for any users that have registered after signing in on any OIDC provider proposed by the instance. In order to make sure there was no magic trick (e.g. a null casted silently to an empty string) the plaintext user password has been changed for a Tuleap\Cryptography\ConcealedString instance. It makes easier for the static analysis to catch misuses and anyway it limits the chance of leaking a user's password. To test, you can the password field of one of your user to NULL. When you are authenticated with this user, the password change form should be gone. If you try to authenticate with this user the authentication must be denied. Part of request #14812: Users signing in via an OIDC provider should be able to create an account without setting a password Change-Id: I4522f126be60b314c0dbb780fe5491ed64bda7ad
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | plugins/create_test_env/include/CreateTestEnv/CreateTestEnvironment.php | +2 | −2 | Go to diff View file |
| M | plugins/create_test_env/include/CreateTestEnv/REST/CreateTestEnvResource.php | +4 | −2 | Go to diff View file |
| M | plugins/docman/tests/rest/Helper/DocmanDataBuildCommon.php | +2 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/include/Credential/CredentialCreator.php | +3 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/include/Credential/CredentialRetriever.php | +3 | −2 | Go to diff View file |
| M | plugins/dynamic_credentials/include/REST/DynamicCredentialsResource.php | +4 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/include/Session/DynamicCredentialSession.php | +2 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/include/User/DynamicUser.php | +3 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/tests/unit/Credential/CredentialCreatorTest.php | +2 | −1 | Go to diff View file |
| M | plugins/dynamic_credentials/tests/unit/Credential/CredentialRetrieverTest.php | +6 | −7 | Go to diff View file |
| M | plugins/dynamic_credentials/tests/unit/Session/DynamicCredentialSessionTest.php | +6 | −6 | Go to diff View file |
| M | plugins/dynamic_credentials/tests/unit/User/DynamicUserTest.php | +2 | −1 | Go to diff View file |
| M | plugins/git/include/Git/HTTP/HTTPAccessControl.php | +2 | −2 | Go to diff View file |
| M | plugins/git/include/Git/RemoteServer/Gerrit/ReplicationHTTPUserAuthenticator.php | +2 | −1 | Go to diff View file |
| M | plugins/git/tests/unit/Git/RemoteServer/Gerrit/ReplicationHTTPUserAuthenticatorTest.php | +5 | −5 | Go to diff View file |
| M | plugins/ldap/include/LDAP.class.php | +7 | −6 | Go to diff View file |
| M | plugins/ldap/include/LDAP_UserManager.class.php | +3 | −3 | Go to diff View file |
| M | plugins/ldap/tests/unit/UserManagerAuthenticateTest.php | +3 | −3 | Go to diff View file |
| M | plugins/openidconnectclient/include/OpenIDConnectClient/AccountLinker/Controller.php | +2 | −1 | Go to diff View file |
| M | plugins/openidconnectclient/include/openidconnectclientPlugin.php | +0 | −9 | Go to diff View file |
| M | plugins/testmanagement/tests/rest/TestManagementDataBuilder.php | +1 | −1 | Go to diff View file |
| M | plugins/timetracking/tests/rest/TimetrackingDataBuilder.php | +2 | −1 | Go to diff View file |
| M | plugins/tracker/bin/remove_multiple_artifacts.php | +1 | −1 | Go to diff View file |
| M | plugins/webdav/include/WebDAVAuthentication.class.php | +1 | −1 | Go to diff View file |
| M | src/common/CLI/Command/UserPasswordCommand.php | +8 | −6 | Go to diff View file |
| M | src/common/Password/PasswordSanityChecker.php | +3 | −2 | Go to diff View file |
| M | src/common/Project/Project_SOAPServer.class.php | +5 | −3 | Go to diff View file |
| M | src/common/REST/BasicAuthentication.class.php | +2 | −1 | Go to diff View file |
| M | src/common/Token/REST/v1/TokenResource.class.php | +4 | −2 | Go to diff View file |
| M | src/common/User/Account/PasswordPreUpdateEvent.php | +3 | −13 | Go to diff View file |
| M | src/common/User/Account/SecurityPresenter.php | +0 | −6 | Go to diff View file |
| M | src/common/User/Account/UpdatePasswordController.php | +9 | −11 | Go to diff View file |
| M | src/common/User/Account/templates/security/password.mustache | +4 | −6 | Go to diff View file |
| M | src/common/User/GenericUserFactory.class.php | +1 | −2 | Go to diff View file |
| M | src/common/User/LoginManager.class.php | +3 | −3 | Go to diff View file |
| M | src/common/User/Password/Change/PasswordChanger.php | +2 | −1 | Go to diff View file |
| R | src/common/User/Password/PasswordHandler.class.php | Go to diff View file | ||
| R | src/common/User/Password/StandardPasswordHandler.class.php | Go to diff View file | ||
| M | src/common/User/PasswordVerifier.php | +9 | −8 | Go to diff View file |
| M | src/common/User/User.class.php | +5 | −9 | Go to diff View file |
| M | src/common/User/UserManager.class.php | +9 | −5 | Go to diff View file |
| M | src/common/User/XML/Import/WillBeCreatedUser.php | +4 | −3 | Go to diff View file |
| M | src/common/dao/UserDao.class.php | +3 | −2 | Go to diff View file |
| M | src/tuleap-cfg/Command/SetupMysqlCommand.php | +5 | −2 | Go to diff View file |
| M | src/www/account/login.php | +2 | −1 | Go to diff View file |
| M | src/www/account/lostlogin.php | +7 | −0 | Go to diff View file |
| M | src/www/account/lostpw-confirm.php | +1 | −1 | Go to diff View file |
| M | src/www/admin/usergroup.php | +2 | −2 | Go to diff View file |
| M | src/www/include/check_pw.php | +1 | −1 | Go to diff View file |
| M | src/www/soap/common/session.php | +2 | −1 | Go to diff View file |
| M | tests/rest/lib/TestDataBuilder.php | +5 | −5 | Go to diff View file |
| M | tests/soap/lib/TestDataBuilder.php | +3 | −3 | Go to diff View file |
| M | tests/unit/common/Project/SOAPServerGenericUserTest.php | +2 | −2 | Go to diff View file |
| M | tests/unit/common/User/Account/DisplaySecurityControllerTest.php | +1 | −28 | Go to diff View file |
| A | tests/unit/common/User/Account/PasswordPreUpdateEventTest.php | +49 | −0 | Go to diff View file |
| M | tests/unit/common/User/Account/UpdatePasswordControllerTest.php | +23 | −43 | Go to diff View file |
| M | tests/unit/common/User/Change/PasswordChangerTest.php | +3 | −2 | Go to diff View file |
| M | tests/unit/common/User/GenericUserFactoryTest.php | +9 | −4 | Go to diff View file |
| M | tests/unit/common/User/PasswordVerifierTest.php | +18 | −5 | Go to diff View file |
| M | tests/unit/common/User/StandardPasswordHandlerTest.php | +4 | −3 | Go to diff View file |
| M | tests/unit/common/User/User_LoginManagerTest.php | +10 | −9 | Go to diff View file |
| M | tools/utils/password_hasher.php | +5 | −2 | Go to diff View file |