Saving Email Settings that contains UserName & Password can cause multiple times Encryption

[zhhws0]

The password in Email setting is being encrypted (that is correct).
However, I see that this process is being done in BeforeCommit event, and unfortunately it happens every time the data being saved.
That means, the only time that the Password being saved correctly will be only the first time the Save button being clicked.

Usual Use Case that produced wrong data being saved:

1. User enters the username and password in Edit Email Configuration page
2. User clicks Save button --> Password is encrypted and saved (correctly)
3. User clicks Test button --> Open the Test page
4. User clicks Submit button --> gets the successful result
5. User clicks Save Configuration button --> this will trigger the BeforeCommit again, and will encrypt the "already" encrypted password.
6. Now, user will think that test is successful and therefore everything ok, and never realized that currently the Password is wrong. No Email will be sent because the password has been encrypted 2 times.

Suggestion:

1. Add condition to check before changing the value of Password with Encrypted value to check whether the current value has been encrypted.

[edwinvanelk]

Are you sure this multiple times Encryption does take place?

Isn't this prevented by the decision "Already encrypted? - startsWith($Plain, '{AES')" in Encryption.Encrypt?

[zhhws0]

Hi,

have you tried the steps above? at that time, it happened like that, thats why I wrote the sequence.
Yes, it should have been prevented by the Decision you mentioned, but somehow it wasnt..

Since this is already almost 4 months ago, I will try whether I can reproduce it, since it happened in customer environment.