[MODLOGIN-131] reset password fails if credentials record does not already exist - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P3
Resolution: Done
Affects Version/s: None
Fix Version/s: 7.0.0
Labels:
- platform-backlog

Template:

Standard Bug Write-Up Format
Sprint:
CP: sprint 90
Story Points:
1
Development Team:
Core: Platform
Release:
Q2 2020

Description

A POST request to bl-users/password-reset/reset fails with a 500 if the corresponding record from authn/credentials is not already present.

The failure comes from mod-login's POST /authn/password/repeatable, invoked via the default mod-password-validator rule here:
https://github.com/folio-org/mod-password-validator/blob/f8864c413dbac105d49b7b9f3b377d4dbaab64bb/ramls/defaultRules/defaultRules.json#L101

If a credential record is not found the passwordStorageServiceImpl fails the promise/future returned by getCredsById(...)
https://github.com/folio-org/mod-login/blob/c3c6263f5520319f1208d47e04e70ca6bd39f8f4/src/main/java/org/folio/services/impl/PasswordStorageServiceImpl.java#L435 causing a 500 Internal Server Error to be returned w/o any context.

The error handling should be adjusted so that when a credentials record doesn't exist POST /authn/password/repeatable returns a response indicating that the password is not a repeat.

TestRail: Results

Attachments

Issue Links

blocks

MODLOGIN-129 POST to /authn/credentials accepts empty string for password

Closed

UIU-1671 do not create credentials record when adding username

Closed

relates to

UIU-1503 Impossible to create system user from already existing account (cannot set password)

Closed

Activity

People

Assignee:: Craig McNally

Reporter:: Zak_Burke

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Jun/20 3:53 AM

Updated:: 11/Jun/20 3:47 PM

Resolved:: 11/Jun/20 3:47 PM

reset password fails if credentials record does not already exist