VirtoCommerce/vc-platform

When password login is disabled, Management UI still shows password-related components

j-mok opened this issue · 3 comments

j-mok commented

Some password-login-specific elements of the UI are still visible after switching to Azure AD authentication.

Steps to reproduce
Steps to reproduce the behavior:

  1. Disable password login in appsettings.json:

         "PasswordLogin": {
             "Enabled": false
         },

  2. Enable Azure Active Directory:

         "AzureAd": {
             "Enabled": true,
             ...
         },

  3. Log into VC Manager with an AD account
  4. Click the profile drop-down in the upper right corner to reveal that the Change password entry is still there
  5. Log into VC Manager as an administrator
  6. Go to the Security module and select an AD user to reveal that the Change password button is still there

Expected behavior
All password-related features should be hidden in both the own profile and security blade views when password login is disabled. Anything related to user credentials should be handled by Azure Active Directory. Alternatively, password-manipulation components should be visible but marked with a warning when password login is disabled.

Version info:

  • Platform version: 3.100.0

Hi, @j-mok.
Thanks for the feedback. Very helpful remark. I submitted this case to the platform team for research and estimation.
I will inform you about the decision.