[
https://issues.apache.org/jira/browse/SYNCOPE-1293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
DmitriyB. updated SYNCOPE-1293:
-------------------------------
Description:
Reset password notification may contain "about" value with a "filter" property.
And "token" field of a "UserTO" may be used in a fiql query of password reset
notification.
E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity
which is a part of JPANotification entity.
If token field is not searchable for UserTO object, then
SearchCondVisitor#createAttributeCond(final String schema) creates
AttributeCond object instead of AnyCond object, and therefore
NotificationManagerImpl skips password reset notification and doesn't process
it correctly (look at line 344 in
[https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java]).
Link to conversation in git:
[https://github.com/apache/syncope/commit/7b168c142b09c3b03e39f1449211e7ddf026a14d]
was:
Reset password notification may contain "about" value with a "filter" property.
And "token" field of a "UserTO" may be used in a fiql query of password
reset notification.
E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity
which is a part of JPANotification entity.
If token field is not searchable for UserTO object, then
SearchCondVisitor#createAttributeCond(final String schema) creates
AttributeCond object instead of AnyCond object, and therefore
NotificationManagerImpl skips password reset notification and doesn't process
it correctly (look at line 344 in
[https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java]).
Link to conversation in git:
https://github.com/apache/syncope/commit/7b168c142b09c3b03e39f1449211e7ddf026a14d
> Make "token" field searchable again
> -----------------------------------
>
> Key: SYNCOPE-1293
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1293
> Project: Syncope
> Issue Type: Bug
> Components: common
> Affects Versions: 2.0.8
> Reporter: DmitriyB.
> Priority: Minor
> Fix For: 2.0.9, 2.1.0
>
>
> Reset password notification may contain "about" value with a "filter"
> property.
> And "token" field of a "UserTO" may be used in a fiql query of password
> reset notification.
> E.g. {{token!=$null}} query can be used as a filter value JPAAnyAbout entity
> which is a part of JPANotification entity.
> If token field is not searchable for UserTO object, then
> SearchCondVisitor#createAttributeCond(final String schema) creates
> AttributeCond object instead of AnyCond object, and therefore
> NotificationManagerImpl skips password reset notification and doesn't process
> it correctly (look at line 344 in
> [https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/notification/NotificationManagerImpl.java]).
> Link to conversation in git:
>
> [https://github.com/apache/syncope/commit/7b168c142b09c3b03e39f1449211e7ddf026a14d]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
