New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XWIKI-9017 : Possibility to see passwords hash in document history #92
Conversation
@@ -52,6 +52,8 @@ $escapedChunk## | |||
<dt>$propertyDisplay</dt> | |||
#if ("$!diff.propType" == 'TextArea') | |||
<dd>#unifiedDiff($diff.prevValue $diff.newValue)</dd> | |||
#elseif($diff.propType == 'Password' || ($diff.getClassName() == 'XWiki.XWikiUsers' && $propertyDisplay == 'e-Mail')) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$propertyDisplay
is not something stable, since it can be translated, and in other languages it might look different.
Why not check if $diff.propType == 'Email'
? That's a new type of field, and the XWikiUsers
class should be updated to use it, if it didn't happen already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right. I wasn't aware of the Email type, it's a good idea :)
…king for Email propType instead of using the display name.
@@ -52,6 +52,8 @@ $escapedChunk## | |||
<dt>$propertyDisplay</dt> | |||
#if ("$!diff.propType" == 'TextArea') | |||
<dd>#unifiedDiff($diff.prevValue $diff.newValue)</dd> | |||
#elseif($diff.propType == 'Password' || ($diff.getClassName() == 'XWiki.XWikiUsers' && $diff.propType == 'Email')) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if the getClassName
condition is necessary. Shouldn't all emails be hidden?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure we should always hide them : in others cases than users profiles, I guess these emails would be most of the time public ones. Perhaps we should rather add a field in the email property metaclass to let admins choose whether a given email field should be hidden or not ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't forget to change the email type in the XWiki.XWikiUsers
class: https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/internal/mandatory/XWikiUsersDocumentInitializer.java#L87
XWIKI-9017: Possibility to see passwords hash in document history
No description provided.