Uploaded image for project: 'mod-login'
  1. mod-login
  2. MODLOGIN-168

POST to /authn/login after too many failed requests generates 500

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: TBD
    • Resolution: Done
    • Affects Version/s: 7.0.0, 7.5.0
    • Fix Version/s: 7.6.0
    • Labels:
    • Template:
    • Sprint:
      CP: sprint 126
    • Story Points:
      2
    • Development Team:
      Core: Platform

      Description

      Overview: after several failed authentication attempts, /auth/login returns a 500 instead of a 422.
      Steps to Reproduce:

      1. In any environment running mod-authtoken >= 2.6.0, create a user and assign a password
      2. Attempt to sign in with invalid credentials several times.

      Expected Results: 422/password.incorrect followed by a 422/account.locked or something similar.
      Actual Results: After a few attempts, the error code changes to password.incorrect.warn.user. After a few more, the response changes to 500 and

      {
        "endpoint" : "/authn/login",
        "statusCode" : 500,
        "errorMessage" : "Internal Server error"
      }
      

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                adam Adam Dickmeiss
                Reporter:
                zburke Zak_Burke
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases