In specific cases, Admin UI does not allow for an "encryptionScheme" change on password update when setting rehashPasswordOnUserUpdate on the tenant.
Observed versions
1.53.3
Affects versions
The version, or versions where this bug exists. If you do not know, please leave blank for now.
Steps to reproduce
Steps to reproduce the behavior:
Update the encryption scheme on the tenant and set rehashPasswordOnUserUpdate to true
Find a user with a different encryption scheme (this could be a custom encryptor or just another encryption scheme that the user was created with)
Update the user in the Admin UI (Users > User > Edit > Update password in Admin UI)
Check the user and see that their encryption scheme does not update per the policy on the tenant from step one
Expected behavior
If a user updates their password via an administrative action in the Admin UI then the encryption scheme should update if configured on the tenant to do so.
Screenshots
If applicable, add screenshots to help explain your problem. Delete this section if it is not applicable.
Platform
(Please complete the following information)
Device: [e.g. Desktop, iPhone X, Pixel 3, etc]
OS: [e.g. iOS, macOS, Windows ME]
Browser + version [e.g. chrome, safari plus a version]
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
Additional context
Workarounds - Administratively Updating a user's password
1️⃣ If you need to update the user's encryption scheme based on a password update, you can do this via the user API:
2️⃣ Additionally, you can set Require user to change password on next login which will also respect the rehashPasswordOnUserUpdate value when updating the password in the Admin UI
Workarounds - User Facing Password Update workflows
User facing workflows (forgot password workflow from our hosted pages, self service account management) will also respect the rehashPasswordOnUserUpdate value when updating the password. No action needed.