When password login is disabled, Management UI still shows password-related components
j-mok opened this issue ยท 3 comments
Some password-login-specific elements of the UI are still visible after switching to Azure AD authentication.
Steps to reproduce
Steps to reproduce the behavior:
- Disable password login in
appsettings.json
:
"PasswordLogin": {
"Enabled": false
},
- Enable Azure Active Directory:
"AzureAd": {
"Enabled": true,
...
},
- Log into VC Manager with an AD account
- Click the profile drop-down in the upper right corner to reveal Change password entry is still there
- Log into VC Manager as an administrator
- Go to the Security module and select an AD user to reveal that Change password button is still there
Expected behavior
All password-related features should be hidden both in own profile and security blade views when password login is disabled. Anything related to user credentials should be handled by Azure Active Directory. Alternatively password-manipulation components should be visible but marked with a warning when password login is disabled.
Version info:
- Platform version: 3.100.0
Task https://virtocommerce.atlassian.net/browse/VP-7898 has been created
Hi, @j-mok .
Thanks for the feedback. Very helpful remark. I submitted this case to the platform team for research and estimate.
I will inform you about the decision.
Hi, @j-mok.
Bug has been fixed.
Release https://github.com/VirtoCommerce/vc-platform/releases/tag/3.201.0