This is a DRAFT, once reviewed, remove this to be published and set permissions to anonymous
OXGuard 2.8 and below with PIN enabled
OXAppSuite 7.8.4 and below
Problem
GOOD - A user sends an encrypted mail to an unknown "external" address and DOES NOT use the extra PIN functionality. The guest gets the message that he received an encrypted message and gets a link to the temporary account. There he gets recognized as a new guest and has to set his own password. Everything is fine.
BAD - A user sends and encrypted mail to an unknown "external" address and DOES use the extra PIN functionality. The extra PIN feature never gets seen by the end user but only the password which he does not know yet. This would confuse the end user.
Solution
During the time of this writing there is going to be a patch for this against OXGuard 2.8.x in order to fix this, but in the meantime a work around can be done
The issue arrises when when the user is not assigned a password, but a PIN was applied.
To reproduce, and see where your mistake is... make sure the following settings are applied :
guard-core.properties: com.openexchange.guard.newGuestsRequirePassword=false guard-api.properties: com.openexchange.capability.guard-pin=true
Then send an encrypted email to a new Guest with a PIN applied.
The user will just get the password prompt. They don't have a password, and hence the issue.
So, If com.openexchange.guard.newGuestRequirePassword=true then the user will have a password available, and will then be prompted for a pin.
guard-core.properties: com.openexchange.guard.newGuestsRequirePassword=true guard-api.properties: com.openexchange.capability.guard-pin=true
Remember
Remember to restart your OXApp Server to allow the changes to take place.
Related articles