Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Commerce Backoffice property editor broken for encrypted fields

Go to solution
iccaprar
Explorer

on ‎2021 May 14 10:51 AM

0 Likes
1,216

Hi everyone,

We are in the process of upgrading SAP Commerce from 1905 to 2011, and we noticed a very strange behavior of the Backoffice editor for any attribute that is marked as encrypted.

This is the example for the Customer attribute (any User, for what it's worth):

* core-items.xml

<itemtype code="User" extends="Principal" jaloclass="de.hybris.platform.jalo.user.User" autocreate="true" generate="true">
    <deployment table="Users" typecode="4" propertytable="UserProps"/>
<attributes>
<attribute autocreate="true" qualifier="passwordQuestion" type="java.lang.String">
<modifiers read="true" write="true" search="true" optional="true" encrypted="true"/>
    <persistence type="property">
        <columntype>
            <value>HYBRIS.LONG_STRING</value>
        </columntype>
    </persistence>
</attribute>
</attributes>
</itemtype>

* platformbackoffice-backoffice-config.xml

<context merge-by="type" parent="Principal" type="User" component="editor-area">
<ea:tab name="hmc.password" position="7">
   <ea:section name="hmc.password">
      <ea:customPanel name="userPasswordPanelRenderer" spring-bean="userPasswordPanelRenderer"/>
      <ea:attribute qualifier="passwordQuestion" description="hmc.text.passwordQuestion.description"/>
      <ea:attribute qualifier="lastLogin" description="hmc.text.lastLogin.description"/>
      <ea:attribute qualifier="loginDisabled" label="hmc.text.password.logindisabled"/>
   </ea:section>
</ea:tab>
</context>

* customersupportbackoffice-backoffice-config.xml

<context merge-by="type" parent="Principal" type="User" component="cs-editor-area" module="customersupportbackoffice">
<editorArea:tab name="hmc.password" position="7" tooltipText="customersupport_backoffice_customer_tab_password_desc">
   <editorArea:section name="hmc.password">
                 <editorArea:customPanel name="userPasswordPanelRenderer" spring-bean="userPasswordPanelRenderer"/>
                 <editorArea:panel name="">
         <editorArea:attribute qualifier="passwordQuestion" description="hmc.text.passwordQuestion.description"/>
         <editorArea:attribute qualifier="lastLogin" description="hmc.text.lastLogin.description"/>
         <editorArea:attribute qualifier="loginDisabled" label="hmc.text.password.logindisabled"/>
      </editorArea:panel>
   </editorArea:section>
</editorArea:tab>
</context>

In 1905, the editor panel looks like this:

But on 2011, it looks wrong:

The passwordQuestion field shows two edit fields, with incorrect hints ("Password"/"Verify password"). It is even strange, they are not using the correct hint localization (notice the Change Password field, using "New Password" and "Confirm New Password" hint messages).

I looked in the changelog for 2005 and 2011 and also in the backoffice widget help for the editor, but there is nothing mentioning any setting we now have to do by default.

Looks more like a bug.

Any idea would be appreciated.

Thanks!

Cristi C.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
vikramnew258
Discoverer
‎2021 May 18 3:58 PM
0 Likes

have you done any customisation of backoffice widget?

I am not seeing this issue on 2011 version.

View Entire Topic
iccaprar
Explorer
‎2021 May 19 5:36 PM

We have no customizations, and I can reproduce this on the default 2011_5 standard b2c installation.

The issue is in AbstractEditorAreaComponentRenderer class, method setPasswordEditorAsDefaultForEncryptedStrings, that is being called by the createEditor method of the same class. This is setting the editor "com.hybris.cockpitng.editor.defaultpassword" on all encrypted string attributes that do not have an explicit editor set in backoffice config (and most of the attributes from the standard platform do not have an explicit backoffice editor set on them - as it is the case for passwordQuestion in platformbackoffice).

Would be nice for SAP to fix or document this behavior, it is definitely not present in the code in 1905, that I also just checked. Would be even nicer to make it configurable, so we can decide if we want it by default or not.

Hope this helps others and also hope someone from SAP is reading this discussion forum...

Show replies
Show replies
Ask a Question