Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: password check for user email update #1722

Merged
merged 1 commit into from
Dec 18, 2024
Merged

fix: password check for user email update #1722

merged 1 commit into from
Dec 18, 2024

Conversation

fhoferish
Copy link
Contributor

@fhoferish fhoferish commented Nov 12, 2024
edited by SGrueber
Loading

PR Type

[x] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no API changes)
[ ] Build-related changes
[ ] CI-related changes
[ ] Documentation content changes
[ ] Application / infrastructure changes
[ ] Other:

What Is the Current Behavior?

It is possible to change the e-mail address in the user profile of the My Account without correct password, while there is a need to enter the password. The password is sent in the request header of the user put request, but is is not checked by the ICM any more.

What Is the New Behavior?

The password is sent to the ICM in the request body of the user put request (updateUser method of the user.service.ts) now.
There the password is validated by the ICM when the user's email is changed.

Does this PR Introduce a Breaking Change?

[ ] Yes
[x] No

Other Information

Requires ICM 13.0, 12.3.1, or 7.10.41.7 or higher to fix this issue.

AD

@shauke shauke requested a review from SGrueber November 15, 2024 11:53
@shauke shauke added this to the 5.3 milestone Nov 15, 2024
@shauke shauke added the bug Something isn't working label Nov 15, 2024
@SGrueber SGrueber changed the title fix: updateUser now inlcludes password fix: updateUser now includes password Dec 12, 2024
@SGrueber SGrueber changed the title fix: updateUser now includes password fix: password check for user email upate Dec 16, 2024
@SGrueber SGrueber changed the title fix: password check for user email upate fix: password check for user email update Dec 18, 2024
@SGrueber SGrueber merged commit 4d5e69a into intershop:develop Dec 18, 2024
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SGrueber SGrueber SGrueber approved these changes

Assignees

@SGrueber SGrueber

Labels
bug Something isn't working
Projects
None yet
Milestone
5.3
Development

Successfully merging this pull request may close these issues.
3 participants
@fhoferish @SGrueber @shauke