Bug #16721
open
Creating a new user ignores certificate checkbox value if the certificate fields are populated
100%
Description
When adding a user, there's an option to also create a user certificate. I checked the option, filled in some data and then changed my mind. After hitting Save with Certificate unchecked again, it ended up being created anyway. Verified under 2.8.1 and 25.11.
Files
Updated by Jim Pingle about 17 hours ago
- Subject changed from User certificate still created after unchecking option to Creating a user
- Status changed from New to Confirmed
- Assignee set to Jim Pingle
- Target version set to 2.9.0
- Plus Target Version set to 26.07
I was able to reproduce this. The backend code doesn't test the state of that checkbox, which is currently only used as a GUI toggle to show/hide the fields. As long as the Descriptive Name field has a value the page will attempt to create the certificate.
I agree that behavior is confusing, and it should be fairly easy to test the value of that checkbox (e.g. check if $_POST['showcert'] == "yes") and only create the certificate if it's checked. Probably worth renaming showcert to something more appropriate as well since it would no longer be only for show/hide.
Too late for this Plus release, but we can address that in the next one.
Updated by Jim Pingle about 17 hours ago
- Subject changed from Creating a user to Creating a new user ignores certificate checkbox value if the certificate fields are populated
Updated by Jim Pingle about 15 hours ago
- File 16721.patch 16721.patch added
- Status changed from Confirmed to Waiting on Merge
- % Done changed from 0 to 100
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1270
Patch attached for testing. When the box is checked, it requires the certificate fields to be populated. When unchecked, the certificate fields are completely ignored.
There is a quirk I found where the form was not working properly after encountering an input error, which likely needs more testing to ensure each action type still works properly with and without encountering input errors along the way. So this definitely needs to wait until the next release so it has more exposure/testing.