[
https://issues.apache.org/jira/browse/OAK-1943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dominique Jäggi updated OAK-1943:
---------------------------------
Attachment: OAK-1934_-_added_one_more_test.patch
[~anchela], added one more test via [^OAK-1934_-_added_one_more_test.patch] -
it checks that expiry props are still there if a user is overwritten via
import, the XML of which doesn't contain an expiry prop.
i added the following to the feature documentation:
{noformat}
When users are imported via the Oak JCR XML importer, the expiry relevant nodes
and property are supported. If the XML specifies a rep:pwd node and optionally
a rep:passwordLastModified property, these are imported, irrespective of the
password expiry or force initial password change being enabled. If they're
enabled, the imported property will be used in the normal login process as
described above. If not enabled, the imported property will have no effect.
On the other hand, if the imported user already exists, potentially existing
rep:passwordLastModified properties will be overwritten with the value from the
import. If password expiry is enabled, this may cause passwords to expire
earlier or later than anticipated, governed by the new value. Also, an import
may create such a property where none previously existed, thus effectively
cancelling the need to change the password on first login - if the feature is
enabled.
Therefore customers using the importer in such fashion should be aware of the
potential need to enable password expiry/force initial password change for the
imported data to make sense, and/or the effect on already existing/overwritten
data.
{noformat}
regarding importing when expiry is disabled: if the expiry property is imported
and the feature is disabled, the property is essentially dead weight, as it is
neither read nor updated upon password change. Conversely, if the feature is
suddenly enabled, the data is already there and can be used. The only change
required for that to work, could be: in UserManager#setPassword, if the
property already exists, update it irrespective of the feature being enabled.
WDYT?
> UserImporter doesn't import protected rep:passwordLastModified
> --------------------------------------------------------------
>
> Key: OAK-1943
> URL: https://issues.apache.org/jira/browse/OAK-1943
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: core
> Affects Versions: 1.1
> Reporter: angela
> Fix For: 1.1
>
> Attachments: OAK-1934_-_added_one_more_test.patch
>
>
> while writing a dedicated test case for user import along with OAK-1922
> [~djaeggi] found that the rep:passwordLastModified is not being imported.
> in order not to block the initial feature request, we decided to move that in
> a separate issue and ignore the corresponding test with an corresponding link
> to this issue.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
