and more in a single search tool across platforms. Read the announcement here. |
03/14/2024 10:39 AM
Hello,
We are using REST connector to perform the change password operation for one of our application. We have noticed that when change password gets failed due to escape characters then it shows passowrd in plain text in provisioning comment.
auditDetails":{"call1":[{"message":"Unrecognized character escape '2' (code 50)\n at [Source: {\"password\":\"example\\26\"}; line: 1, column: 24]","status":"Failed"}
Below is the change password code we are using.
{
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxx/ords/sis_owner/xxx/idm/staff/${user.employeeid}",
"httpMethod": "POST",
"httpParams": "{\"password\":\"${org.apache.commons.lang.StringEscapeUtils.escapeJava(arsTasks.getPassword())}\"}",
"httpHeaders": {
"Content-Type": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204
]
}
}
]
}
Is there any way to not to show the password in provisioning comment if change password operation fails due to some reason.
Thanks,
Poonam
03/14/2024 08:21 PM
In case of success does it captures of shows password ?
03/14/2024 11:57 PM
@rushikeshvartak Yes, It shows the password only in case of failure in provisioning.
03/17/2024 06:58 PM
Use passport policy and escape characters causing issue
03/15/2024 12:49 AM
Hi @poonammhetre , is it using the same password that is shown in the log at the time of failure? once the task is completed successfully? or does it send out a different one..?
03/15/2024 03:23 AM
@NM It shows same password in provisioning comment which user has entered during change password operation.