Univention Bugzilla – Bug 48660
User Invitation: UDM Wizard
Last modified: 2019-03-12 13:40:28 CET
The user creation wizard should get a new checkbox whether the admin wants to set a new password or an email so that the user may set the password by itself.
Fixed in univention-management-console-module-udm 9.0.1-5A~4.4.0.201902131023
"""return Math.random().toString(36).slice(-8);""" Are you sure you want to generate a password with a pseudo-random function?
Can you move the checkbox above the password fields. Otherwise the input fields are jumping arround when toggling the checkbox.
Created attachment 9844 [details] Use CSS transitions Widget positions could change their position with CSS transitions. Probably not very elegant implementation, but it looks neat.
Fixed in univention-management-console-module-udm 9.0.2-2A~4.4.0.201902151404 Put the checkbox below the email field. A max-height keeps the widgets in place.
(In reply to Florian Best from comment #3) > """return Math.random().toString(36).slice(-8);""" > > Are you sure you want to generate a password with a pseudo-random function? I think this is okay. The password are disabled anyway by the backend.
The current code depends on the attributes being present. Therefore it raises a type error. TypeError: Cannot read property 'className' of null
FYI: it looks strange on mobile / smart phone.
(In reply to Dirk Wiesenthal from comment #7) > (In reply to Florian Best from comment #3) > > """return Math.random().toString(36).slice(-8);""" > > > > Are you sure you want to generate a password with a pseudo-random function? > > I think this is okay. The password are disabled anyway by the backend. New users are not diabled anymore. Therefore, the generated passwords should be stronger now. (In reply to Florian Best from comment #8) > The current code depends on the attributes being present. Therefore it > raises a type error. TypeError: Cannot read property 'className' of null Fixed in univention-management-console-module-udm 9.0.2-4A~4.4.0.201902182323
*** Bug 48695 has been marked as a duplicate of this bug. ***
Missing changelog entry.
OK: functions OK: cryptographic secure password are generated The reason why it's necessary that this password is crytographic randomly created is the following: If an administrator creates 2 (or more) users after another, any of the users can get to know the passwords of the other users by looking up their own password / password history, crack the NTLM(or other password but NTLM should be the easiest and relatively easy), find out the seed of the PRNG Math.Random() and generate the next/previous passwords from that value.
Added in 953ba50fba
OK: Changelog
UCS 4.4 has been released: https://docs.software-univention.de/release-notes-4.4-0-en.html https://docs.software-univention.de/release-notes-4.4-0-de.html If this error occurs again, please use "Clone This Bug".