Bug 48660 - User Invitation: UDM Wizard
User Invitation: UDM Wizard
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4
Assigned To: Dirk Wiesenthal
Florian Best
:
: 48695 (view as bug list)
Depends on:
Blocks: 48632
  Show dependency treegraph
 
Reported: 2019-02-13 09:43 CET by Dirk Wiesenthal
Modified: 2019-03-12 13:40 CET (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
Use CSS transitions (4.86 KB, patch)
2019-02-15 14:05 CET, Dirk Wiesenthal
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2019-02-13 09:43:46 CET
The user creation wizard should get a new checkbox whether the admin wants to set a new password or an email so that the user may set the password by itself.
Comment 2 Dirk Wiesenthal univentionstaff 2019-02-13 10:24:08 CET
Fixed in
  univention-management-console-module-udm 9.0.1-5A~4.4.0.201902131023
Comment 3 Florian Best univentionstaff 2019-02-13 10:25:24 CET
"""return Math.random().toString(36).slice(-8);"""

Are you sure you want to generate a password with a pseudo-random function?
Comment 4 Florian Best univentionstaff 2019-02-13 19:34:56 CET
Can you move the checkbox above the password fields. Otherwise the input fields are jumping arround when toggling the checkbox.
Comment 5 Dirk Wiesenthal univentionstaff 2019-02-15 14:05:36 CET
Created attachment 9844 [details]
Use CSS transitions

Widget positions could change their position with CSS transitions. Probably not very elegant implementation, but it looks neat.
Comment 6 Dirk Wiesenthal univentionstaff 2019-02-15 14:06:52 CET
Fixed in
  univention-management-console-module-udm 9.0.2-2A~4.4.0.201902151404

Put the checkbox below the email field. A max-height keeps the widgets in place.
Comment 7 Dirk Wiesenthal univentionstaff 2019-02-15 14:08:04 CET
(In reply to Florian Best from comment #3)
> """return Math.random().toString(36).slice(-8);"""
> 
> Are you sure you want to generate a password with a pseudo-random function?

I think this is okay. The password are disabled anyway by the backend.
Comment 8 Florian Best univentionstaff 2019-02-18 15:18:12 CET
The current code depends on the attributes being present. Therefore it raises a type error. TypeError: Cannot read property 'className' of null
Comment 9 Florian Best univentionstaff 2019-02-18 15:21:44 CET
FYI: it looks strange on mobile / smart phone.
Comment 10 Dirk Wiesenthal univentionstaff 2019-02-18 23:24:02 CET
(In reply to Dirk Wiesenthal from comment #7)
> (In reply to Florian Best from comment #3)
> > """return Math.random().toString(36).slice(-8);"""
> > 
> > Are you sure you want to generate a password with a pseudo-random function?
> 
> I think this is okay. The password are disabled anyway by the backend.

New users are not diabled anymore. Therefore, the generated passwords should be stronger now.

(In reply to Florian Best from comment #8)
> The current code depends on the attributes being present. Therefore it
> raises a type error. TypeError: Cannot read property 'className' of null

Fixed in
  univention-management-console-module-udm 9.0.2-4A~4.4.0.201902182323
Comment 11 Dirk Wiesenthal univentionstaff 2019-02-18 23:24:55 CET
*** Bug 48695 has been marked as a duplicate of this bug. ***
Comment 12 Florian Best univentionstaff 2019-02-20 11:08:29 CET
Missing changelog entry.
Comment 13 Florian Best univentionstaff 2019-02-20 14:42:15 CET
OK: functions
OK: cryptographic secure password are generated
The reason why it's necessary that this password is crytographic randomly created is the following:
If an administrator creates 2 (or more) users after another, any of the users can get to know the passwords of the other users by looking up their own password / password history, crack the NTLM(or other password but NTLM should be the easiest and relatively easy), find out the seed of the PRNG Math.Random() and generate the next/previous passwords from that value.
Comment 14 Dirk Wiesenthal univentionstaff 2019-02-21 09:11:03 CET
Added in 953ba50fba
Comment 15 Florian Best univentionstaff 2019-02-21 09:35:58 CET
OK: Changelog
Comment 16 Florian Best univentionstaff 2019-03-12 13:40:28 CET
UCS 4.4 has been released:
 https://docs.software-univention.de/release-notes-4.4-0-en.html
 https://docs.software-univention.de/release-notes-4.4-0-de.html

If this error occurs again, please use "Clone This Bug".