#4653 There is no method to compare old and current password since SecretTexts cannot be compared in Cloud#4654
Conversation
Added a new procedure to validate password matching.
|
@microsoft-github-policy-service agree |
|
The PR did not pass the security review 🥺 @darjoo might be able to elaborate. |
|
@JesperSchulz @darjoo thank you for info but I need more info since the MS broke our code (an therefore whole solution that is used by customers). Moreover there is no alternative ways to do it in proper way just by bypassing MS system modules:
I am really looking forward to get your answer on this since I need to take an action |
|
BTW: Without this change the whole module is rather useless in the system (and this is not a comment - but rather fact or question so it would help to solve the issue with the process). If I am missing something and having this scenario:
How to accomplish in current state point 6?
The problem is that OpenSecretPasswordDialog in 26 returned texts now secret texts - which in general of course make sense but without any option to compare SecretTexts it is breaking change |
StefanMaron
left a comment
There was a problem hiding this comment.
I dont see any issues with this
|
I don't know any details yet unfortunately, but I will try to get answers to your questions! I should have waited to post the rejection until I know the background. Was a bit too quick there. |
|
@bc4all, your case has been reopened based on the detailed background you provided, which was most helpful. We're looking into options to unblock you. |
|
In the worst case scenario we can wait until 27.1 I know how you all are busy right now before release. |
|
Maybe it was rejected because we can bruteforce SecretTexts with this method. |
That was indeed one of the points that was brought up, but after thorough discussions we've landed on the conclusion that the risk of abuse is minimal, while the benefits of having this capability are clear. The decision has hence been revised and we now got security clearance to move forward with this PR 🥳 |
darjoo
left a comment
There was a problem hiding this comment.
Rediscussed internally, approving.
…cretTexts cannot be compared in Cloud (#4654) #### Summary Adding the function to compare secret texts for Password module. The new function is needed to make sure that the two passwords match. There is already function ValidateOldPasswordMatch in Implementation however it cannot be used since: 1. Name is not correct 2. It is not used in any facade codeunit 3. it exists if the input is empty Therefore for clarity the similar function has been added with the proper name. Also to facade codeunit the function has been added to be able to run it by developers. #### Work Item(s) #4653 Fixes #4653 Fixes [AB#602113](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/602113)
…cretTexts cannot be compared in Cloud (#4654) #### Summary Adding the function to compare secret texts for Password module. The new function is needed to make sure that the two passwords match. There is already function ValidateOldPasswordMatch in Implementation however it cannot be used since: 1. Name is not correct 2. It is not used in any facade codeunit 3. it exists if the input is empty Therefore for clarity the similar function has been added with the proper name. Also to facade codeunit the function has been added to be able to run it by developers. #### Work Item(s) #4653 Fixes #4653 Fixes [AB#602113](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/602113)
…word since SecretTexts cannot be compared in Cloud - missing capability in 27 compared to 26! - Copy (#4752) <!-- Thank you for submitting a Pull Request. If you're new to contributing to BCApps please read our pull request guideline below * https://github.com/microsoft/BCApps/Contributing.md --> #### Summary <!-- Provide a general summary of your changes --> Backport of #4654 #### Work Item(s) <!-- Add the issue number here after the #. The issue needs to be open and approved. Submitting PRs with no linked issues or unapproved issues is highly discouraged. --> Fixes [AB#602448](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/602448) Co-authored-by: bc4all <104026807+bc4all@users.noreply.github.com>
…word since SecretTexts cannot be compared in Cloud - missing capability in 27 compared to 26! (#4751) <!-- Thank you for submitting a Pull Request. If you're new to contributing to BCApps please read our pull request guideline below * https://github.com/microsoft/BCApps/Contributing.md --> #### Summary <!-- Provide a general summary of your changes --> Backport of #4654 #### Work Item(s) <!-- Add the issue number here after the #. The issue needs to be open and approved. Submitting PRs with no linked issues or unapproved issues is highly discouraged. --> Fixes [AB#602446](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/602446) Co-authored-by: bc4all <104026807+bc4all@users.noreply.github.com>
Summary
Adding the function to compare secret texts for Password module. The new function is needed to make sure that the two passwords match. There is already function ValidateOldPasswordMatch in Implementation however it cannot be used since:
Therefore for clarity the similar function has been added with the proper name. Also to facade codeunit the function has been added to be able to run it by developers.
Work Item(s) #4653
Fixes #4653
Fixes AB#602113