Details
-
Bug
-
Resolution: Fixed
-
Critical
-
COmanage Registry 4.3.0 (Ruddy Rex)
Description
Issue 1
Debugging output (when debug is true) is interleaved in the People Picker response, causing the JSON to be ignored:
https://server/registry/co_people/find/co:2/mode:S/petitionid:6691/token:5xyz?term=smith
Warning (2): Undefined array key "co_people" [APP/Controller/CoPeopleController.php, line 242]
Warning (2): Trying to access array offset on value of type null [APP/Controller/CoPeopleController.php, line 242]
Warning (2): Trying to access array offset on value of type null [APP/Controller/CoPeopleController.php, line 242]
Warning (2): foreach() argument must be of type array|object, null given [APP/Controller/CoPeopleController.php, line 242][
]
Issue 2
In an Enrollment Flow for Unauthenticated users that includes a sponsor people picker field, when the autocomplete functionality tries to fetch the data from the backend it fails, since there is no session.
According to the documentation
When Sponsor selection is enabled during enrollment, consideration should be given to potential information release, in particular during anonymous or authenticated Enrollment Flows (Petitioner Enrollment Authorization is set to None or Unauthenticated User) where the Sponsor field is modifiable. In order for the Sponsor to be selectable, the Petitioner must be able to view available Sponsors. This effectively means any unregistered user can determine who the possible Sponsors are, and if any CO Person is a possible Sponsor, then the unregistered user can view all (active) members of the CO.
Finding a Sponsor for an Enrollment Flow open to unauthenticated users is not working and needs to be fixed.