Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30278

Fix error message when setting an invalid password

    Details

    • Tags:
    • Backlog priority:
      500

      Description

      Steps to reproduce:

      1. Contribute a user password pattern for example
        <extension point="userManager" target="org.nuxeo.ecm.platform.usermanager.UserService">
          <userManager class="org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups">
            <userPasswordPattern>^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^+=])(?=\S+$).{8,}$</userPasswordPattern>
          </userManager>
        </extension>
        
      2. Start Nuxeo
      3. Log in to Nuxeo WebUI
      4. Go to Administration > Users & Groups > New > User
      5. Fill the different fields and set the password with "qsd"
      6. Submit

      Observe that nothing happens.

      In Nuxeo logs, there is this error

      2021-03-19T11:31:09,485 ERROR [WebEngineExceptionMapper] org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException
      org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException: null
      	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkPasswordValidity(UserManagerImpl.java:1392) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
      	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:1346) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
      	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:911) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
      	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.UserRootObject.createArtifact(UserRootObject.java:65) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]
      	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.UserRootObject.createArtifact(UserRootObject.java:40) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]
      	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.AbstractUMRootObject.createNew(AbstractUMRootObject.java:68) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]
      

      which produces a HTTP 500 response.

      It can be reproduced with a curl command

      curl -X POST -u Administrator:Administrator 'http://localhost:8080/nuxeo/api/v1/user' \
        -H 'properties: *' \
        -H 'Content-Type: application/json' \
        -H 'Origin: http://localhost:8080' \
        --data-raw '{"entity-type":"user","id":"","properties":{"username":"testpass","firstName":"tit","lastName":"mar","company":"","email":"tma@nuxeo.com","password":"qsd"}}' 
      

      returns

      {"entity-type":"exception","status":500,"message":null}
      

      Expected behavior: an error message is displayed to indicate that the entered password does not follow the required pattern

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.