Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30278

Fix error message when setting an invalid password

    XMLWordPrintable

    Details

    • Release Notes Summary:
      Setting a password which doesn't respect the configured pattern results in a bad request error.
    • Tags:
    • Backlog priority:
      700
    • Sprint:
      nxplatform #59
    • Story Points:
      3

      Description

      Steps to reproduce:

      1. Contribute a user password pattern for example 
        <extension point="userManager" target="org.nuxeo.ecm.platform.usermanager.UserService">
  <userManager class="org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups">
    <userPasswordPattern>^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^+=])(?=\S+$).{8,}$</userPasswordPattern>
  </userManager>
</extension>
      2. Start Nuxeo
      3. Log in to Nuxeo WebUI
      4. Go to Administration > Users & Groups > New > User
      5. Fill the different fields and set the password with "qsd"
      6. Submit

      Observe that nothing happens.

      In Nuxeo logs, there is this error

      2021-03-19T11:31:09,485 ERROR [WebEngineExceptionMapper] org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException
org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException: null
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkPasswordValidity(UserManagerImpl.java:1392) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:1346) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:911) ~[nuxeo-platform-usermanager-core-10.10-HF39.jar:?]
	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.UserRootObject.createArtifact(UserRootObject.java:65) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]
	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.UserRootObject.createArtifact(UserRootObject.java:40) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]
	at org.nuxeo.ecm.restapi.server.jaxrs.usermanager.AbstractUMRootObject.createNew(AbstractUMRootObject.java:68) ~[nuxeo-rest-api-server-10.10-HF42.jar:?]

      which produces a HTTP 500 response.

      It can be reproduced with a curl command

      curl -X POST -u Administrator:Administrator 'http://localhost:8080/nuxeo/api/v1/user' \
  -H 'properties: *' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:8080' \
  --data-raw '{"entity-type":"user","id":"","properties":{"username":"testpass","firstName":"tit","lastName":"mar","company":"","email":"tma@nuxeo.com","password":"qsd"}}'

      returns

      {"entity-type":"exception","status":500,"message":null}

      Expected behavior: an error message is displayed to indicate that the entered password does not follow the required pattern

        Attachments

          Issue Links

          is required by

          Bug - A problem which impairs or prevents the functions of the product. ELEMENTS-1480 Change password screen - provide information on password pattern so user is aware

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: