
FusionAuth Admin UI password change does not respect rehashPasswordOnUserUpdate tenant level password policy #2932

Open
jobannon opened this issue Nov 21, 2024 · 1 comment


jobannon commented Nov 21, 2024

Description

In specific cases, Admin UI does not allow for an "encryptionScheme" change on password update when setting rehashPasswordOnUserUpdate on the tenant.

Observed versions

1.53.3


Steps to reproduce

Steps to reproduce the behavior:

  1. Update the encryption scheme on the tenant and set rehashPasswordOnUserUpdate to true
     (screenshot: tenant password settings)
  2. Find a user with a different encryption scheme (this could be a custom encryptor or just another encryption scheme that the user was created with)
  3. Update the user in the Admin UI (Users > User > Edit > Update password in Admin UI)
     (screenshot: Admin UI password update)
  4. Check the user and see that their encryption scheme does not update per the policy on the tenant from step one

Expected behavior

If a user updates their password via an administrative action in the Admin UI then the encryption scheme should update if configured on the tenant to do so.



Additional context

Workarounds - Administratively Updating a user's password

1️⃣ If you need to update the user's encryption scheme based on a password update, you can do this via the user API:

curl --request PATCH \
  --url https://local.fusionauth.io/api/user/00000000-0000-0000-0000-000000000001 \
  --header 'Content-Type: application/json' \
  --header 'X-FusionAuth-TenantId: 30663132-6464-6665-3032-326466613934' \
  --header 'authorization: asdfasdfasdfasdf' \
  --data '{
    "user": {
      "password": "password2"
    }
  }'

2️⃣ Additionally, you can set "Require user to change password on next login", which will also respect the rehashPasswordOnUserUpdate value when updating the password in the Admin UI.

(screenshot: "Require user to change password on next login" option in the Admin UI)

Workarounds - User Facing Password Update workflows

User facing workflows (forgot password workflow from our hosted pages, self service account management) will also respect the rehashPasswordOnUserUpdate value when updating the password. No action needed.

@jobannon jobannon added the bug Something isn't working label Nov 21, 2024
@robotdan robotdan self-assigned this Nov 21, 2024
@robotdan robotdan added this to the 1.54.0 milestone Nov 21, 2024
@robotdan robotdan moved this to Code complete in FusionAuth Issues Nov 21, 2024
@andrewpai andrewpai modified the milestones: 1.54.0, 1.55.0 Nov 23, 2024