Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0013510Openbravo ERP01. General setuppublic2010-06-02 17:392022-02-01 08:08
Reporterplujan 
Assigned ToTriage Platform Base 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusacknowledgedResolutionopen 
PlatformOS5OS Version
Product Versionmain 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0013510: Inconsistent use of Password fields
DescriptionThere is a special field for passwords, with an special icon and an specific behavior. However, it is not used consistently.
As stated in rejected issue 0013491 setting the password for Initial Client Setup administrator user does not require the use of this password field. But when you create a new user by using the User window, that field type is used.
The password field is also used when setting request user password at Client window.
It is an inconsistent behavior and any end user will get confused about it.
Steps To ReproduceReview initial client setup, user and client windows.

Example flow:
1. Create a new client. At initial client setup window you are prompted to enter a username and password. Note that the password field is not the standard one. (See attach 1)
2. Logout
3. Login with the created user. You need a second admin user, so you go to User window. When entering the password for this one, the password field IS the standard one. (See attach 2) So behavior is inconsistent.
Proposed SolutionThere are two main ways of resolve this issue.

The best way is to replace the password fields (all of them) by the other ones.

The second way is to create a wiki page justifying this different behavior. Why it is valid to have a password field when creating the second administrator user and not for the first one.
Additional Information
TagsNo tags attached.
Relationships
related to defect 00134912.50MP19 closed dalsasua Password text field should appear as a popup window along with protected key symbol 
related to feature request 0000188 new jonalegriaesarte Initial Client Setup process should allow users to assign initial passwords for Admin and User users 
blocks feature request 0013494 closed dalsasua A confirm password must be added to the intial client setup window 
Attached Filespng ICS_InitialClientSetupWindow.PNG (17,855) 2010-06-02 17:39
https://issues.openbravo.com/file_download.php?file_id=2622&type=bug
png

png ICS_UserWindow.PNG (45,251) 2010-06-02 17:39
https://issues.openbravo.com/file_download.php?file_id=2623&type=bug
png

png singlepw.png (27,465) 2011-01-03 12:10
https://issues.openbravo.com/file_download.php?file_id=3458&type=bug
png
Issue History
Date ModifiedUsernameFieldChange
2010-06-02 17:39plujanNew Issue
2010-06-02 17:39plujanAssigned To => adrianromero
2010-06-02 17:39plujanFile Added: ICS_InitialClientSetupWindow.PNG
2010-06-02 17:39plujanFile Added: ICS_UserWindow.PNG
2010-06-02 17:39plujanRelationship addedrelated to 0013491
2010-06-02 17:39plujanRelationship addedrelated to 0000188
2010-06-02 17:39plujanRelationship addedrelated to 0013494
2010-06-02 17:42plujanversion => main
2010-06-07 13:23dalsasuaNote Added: 0028053
2010-06-07 13:23dalsasuaRelationship deletedrelated to 0013494
2010-06-07 13:24dalsasuaRelationship addedblocks 0013494
2010-06-08 13:41dalsasuaStatusnew => scheduled
2010-06-08 13:41dalsasuaAssigned Toadrianromero => dalsasua
2010-06-08 13:41dalsasuafix_in_branch => pi
2010-06-08 13:42dalsasuaNote Added: 0028182
2010-06-08 13:42dalsasuaStatusscheduled => resolved
2010-06-08 13:42dalsasuaFixed in Version => pi
2010-06-08 13:42dalsasuaFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/d38c6dc4652cb8cf93dd89087644fa5831e20b47 [^]
2010-06-08 13:42dalsasuaResolutionopen => fixed
2010-06-08 15:11dalsasuaAssigned Todalsasua => rgoris
2010-06-08 15:11dalsasuaStatusresolved => new
2010-06-08 15:11dalsasuaResolutionfixed => open
2010-06-08 15:11dalsasuaFixed in Versionpi =>
2011-01-03 12:09rgorisNote Added: 0033511
2011-01-03 12:10rgorisFile Added: singlepw.png
2011-01-03 12:11rgorisStatusnew => acknowledged
2011-01-10 10:31dalsasuaAssigned Torgoris => alostale
2011-01-10 10:32dalsasuaNote Added: 0033558
2011-10-28 20:16iciordiaTypedefect => feature request
2011-10-28 20:16iciordiafix_in_branchpi =>
2017-04-10 14:38alostaleAssigned Toalostale => platform
2022-02-01 08:08alostaleAssigned Toplatform => Triage Platform Base

Notes
(0028053)
dalsasua   
2010-06-07 13:23   
Hi all,

In issue 0013494 I'm requested to add a confirm password field in initial client setup. In this issue a general rule for password fields across whole erp is requested. I would like to clarify first this rule before changing anything.

This is the status:

Passwords are stored encrypted in database.
WAD generated windows solve this through a pop-up, where user enters the password, it is encrypted and saved encrypted in the correspondent field of the parent window.
In manual windows this is not necessary as the encryption can be done in the servlet.
The pop-up, from a UI perspective, is a pain. UIX has determined that suitable approach is to have two fields in the main window: password and confirm password. I can easily do this in initial client setup window, but would like to have an agreement before changing anything.

Thanks.
(0028182)
dalsasua   
2010-06-08 13:42   
As agreed between platform, UIX and QA teams, initial client setup will provide two fields (with no pop-up) for password and confirm password, and wad-generated windows will provide the pop-up in order to encrypt password.
(0033511)
rgoris   
2011-01-03 12:09   
David, i just checked 2.50 MP25 on live builds and noticed that the user password in General Setup || Security || User || User does not have two password fields yet. Is this still planned to be done or was there a reason not to do it? See image
(0033558)
dalsasua   
2011-01-10 10:32   
Asier: do you know something about a possible change in password fields in wad generated windows?