Success

Changes

Summary

  1. Bug #14829
  2. Bug #14829
  3. Fix vulnerability reported in https://github.com/Silverpeas/docker-silverpeas-prod/issues/10
Commit ed047500882d090563f82c52ef3b1c8c6c090c8c by Miguel Moquillon
Bug #14829

Refactor the credentials management API so that the handlers can
indicate if credentials pre-checking treatment has to be done before
invoking them. The refactor uses the Visitor pattern.

Now, when the user requests a password resetting or a password change, if
the pair login/domain doesn't exist in Silverpeas, an error page is
displayed. The HTTP response to the navigator doesn't change if there is
an error or not; only the content of the response (the document) changes.
The error page, instead of talking about the not found login identifier
for a given user domain, just informs the user that their password change/reset
isn't allowed.
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/CredentialsFunctionHandler.java
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail.properties
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/NewRegistrationHandler.java
The file was added: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/HttpFunctionHandler.java
The file was added: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/CredentialsFunctionFromLoginHandler.java
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/ChangePasswordFromLoginHandler.java
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail_fr.properties
The file was added: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/HttpFunctionHandlerRegistering.java
The file was modified: core-web-test/src/main/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/CredentialsServlet.java
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/ForgotPasswordHandler.java
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/ChangePasswordFunctionHandler.java
The file was modified: core-war/src/main/webapp/defaultReInitPassword.jsp
Commit c283ce13d81ba7abf6adcd226338c95c5875a398 by Miguel Moquillon
Bug #14829

Now it is no longer possible to change his password through the login
form. This feature has been removed for security reasons.
To change his password, the user has either to reset it in the login form
(if this feature is enabled) or to change it in his profile page once
signed in to Silverpeas.

When resetting his password with an invalid login id, the same message is
given as with a valid login id. So nobody can know if a user with
such a login id exists or not.
The file was modified: core-library/src/test/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-api/src/test/resources/org/silverpeas/authentication/settings/authenticationSettings.properties
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail_fr.properties
The file was modified: core-services/chat/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/authentication/settings/authenticationSettings.properties
The file was modified: core-war/src/main/webapp/defaultReInitPassword.jsp
The file was modified: core-test/src/main/resources/org/silverpeas/authentication/settings/authenticationSettings.properties
The file was modified: core-library/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/ForgotPasswordHandler.java
The file was removed: core-web/src/main/java/org/silverpeas/core/web/authentication/credentials/ChangePasswordFromLoginHandler.java
The file was modified: core-war/src/main/webapp/defaultLogin.jsp
The file was modified: core-services/workflow/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-services/chat/src/test/resources/org/silverpeas/lookAndFeel/generalLook.properties
The file was modified: core-war/src/main/webapp/headLog.jsp
The file was modified: core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail.properties
The file was modified: core-library/src/test/resources/org/silverpeas/authentication/settings/authenticationSettings.properties
The file was modified: core-web-test/src/main/resources/org/silverpeas/lookAndFeel/generalLook.properties
Commit 55e934b7cef4920baa8265a4b85d5b75a69bf142 by Miguel Moquillon
Fix vulnerability reported in https://github.com/Silverpeas/docker-silverpeas-prod/issues/10
The file was modified: core-war/src/main/java/org/silverpeas/web/jobdomain/control/JobDomainPeasSessionController.java
The file was modified: core-war/src/main/java/org/silverpeas/web/jobdomain/servlets/JobDomainPeasRequestRouter.java

Summary

  1. Remove some deprecated settings from properties files used in tests
Commit 37df12e5bfb887396a993a8bb3d98d53a149dcf7 by Miguel Moquillon
Remove some deprecated settings from properties files used in tests
The file was modified: mailinglist/mailinglist-library/src/test/resources/org/silverpeas/lookAndFeel/generalLook.properties