  1. mod-login
  2. MODLOGIN-181

500 returned when login.fail.to.warn.attempts isn't configured & login fails more than once


Details

    • Bug
    • Status: Closed
    • TBD
    • Resolution: Done
    • 7.5.1
    • 7.6.0
    • None
    • Standard Bug Write-Up Format
    • CP: sprint 133
    • 1
    • Core: Platform
    • TBD

    Description

      Overview:

      When...

      the login fails (because of an incorrect password) and

      login.fail.to.warn.attempts is not configured and

      login attempts do exist

      ...mod-login returns a 500 error

      This occurred when using an edge API & the password within FOLIO was not the same password stored for the API key 'user'.

      Steps to Reproduce:

      1. Cause an edge API call to fail by using an incorrect password within FOLIO (for the user connected to the API key) or by setting up the wrong password for the 'api user' outside of FOLIO.
      2. Login attempts should exist in the DB...so you may have to make the API call a 2nd time.
      3. login.fail.to.warn.attempts should not be configured.

      Expected Results:

      'Password does match for userid....' error should be recorded in the log and the appropriate http code returned.

      Actual Results:

      http 500/internal server error is returned.

      Exception recorded in the log.

      2022-02-15 14:37:47.983,14:37:47 ERROR RestRouting HV000116: The object to be validated must not be null.
      2022-02-15 14:37:47.983,java.lang.IllegalArgumentException: HV000116: The object to be validated must not be null.
      2022-02-15 14:37:47.983, at org.hibernate.validator.internal.util.Contracts.assertNotNull(Contracts.java:44) ~[ms.jar:?]
      2022-02-15 14:37:47.983, at org.hibernate.validator.internal.engine.ValidatorImpl.validate(ValidatorImpl.java:151) ~[ms.jar:?]

      Additional Information:
      URL:
      Interested parties:

       

      Notes:

      This occurred in a Juniper environment. I have not tested it in Kiwi.

      If previous login attempts do not exist, the password error is logged and mod-login returns a 422/Unprocessable Entity:

      2022-02-15 16:34:04.893,16:34:04 [] [] [] [] ERROR LoginAPI Password does not match for userid redacted
      2022-02-15 16:34:04.894,16:34:04 [624043/authn] [tenant-id] [] [] INFO ProxyContext 624043/authn RES 422 153932us mod-login-7.4.0 http://redacted:8051/mod-login/authn/login
      2022-02-15 16:34:04.895,16:34:04 [] [] [] [] INFO LogUtil 127.0.0.1:37510 POST /authn/login null HTTP_1_1 422 212 150 tid=tenant-id Unprocessable Entity 
      2022-02-15 16:34:04.895,"10.23.36.169 - 10.23.38.113 - - [15/Feb/2022:16:34:04 +0000] ""POST /authn/login HTTP/1.1"" 422 174 rt=0.168 uct=""0.000"" uht=""0.168"" urt=""0.168"" ""-"" ""tenant-id"" ""-"" ""-"""
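
For log triage, the two outcomes described in this issue can be told apart by the lines mod-login writes. The following is an added example, not part of the original issue or of mod-login: it assumes the log layout shown above, correlates lines by the second in which they were logged (an assumption, since the error lines carry no request id), and uses one constructed access-log line for the 500 case, which the issue does not show.

```python
import re
from collections import Counter

# Timestamp prefix shared by the log lines in this issue: "<date> <time>.<ms>,"
PREFIX = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3},")
# LogUtil access line: "LogUtil <peer> POST /authn/login <query> HTTP_1_1 <status> ..."
ACCESS = re.compile(r"LogUtil \S+ POST /authn/login \S+ HTTP_\S+ (\d{3}) ")
MARKERS = {
    "bad_password": "LoginAPI Password does not match",
    "hv000116": "RestRouting HV000116",
}

# Constructed sample. Lines 1, 3 and 4 are copied from the issue; line 2 is
# made up for this example (the issue shows no access-log line for the 500).
SAMPLE = """\
2022-02-15 14:37:47.983,14:37:47 ERROR RestRouting HV000116: The object to be validated must not be null.
2022-02-15 14:37:47.984,14:37:47 [] [] [] [] INFO LogUtil 127.0.0.1:37510 POST /authn/login null HTTP_1_1 500 21 150 tid=tenant-id Internal Server Error
2022-02-15 16:34:04.893,16:34:04 [] [] [] [] ERROR LoginAPI Password does not match for userid redacted
2022-02-15 16:34:04.895,16:34:04 [] [] [] [] INFO LogUtil 127.0.0.1:37510 POST /authn/login null HTTP_1_1 422 212 150 tid=tenant-id Unprocessable Entity
""".splitlines()

def triage(lines):
    """Count /authn/login responses, labelled by markers logged in the same second."""
    seen = {}        # second -> set of marker names found in that second
    responses = []   # (second, HTTP status) for each login access line
    for line in lines:
        prefix = PREFIX.match(line.strip())
        if not prefix:
            continue  # line is not in the expected layout
        second = prefix.group(1)
        for name, text in MARKERS.items():
            if text in line:
                seen.setdefault(second, set()).add(name)
        access = ACCESS.search(line)
        if access:
            responses.append((second, int(access.group(1))))
    verdicts = Counter()
    for second, status in responses:
        marks = seen.get(second, set())
        if status == 500 and "hv000116" in marks:
            verdicts["login_500_hv000116"] += 1   # signature described in this issue
        elif status == 422 and "bad_password" in marks:
            verdicts["failed_login_422"] += 1     # normal wrong-password response
        else:
            verdicts[f"other_{status}"] += 1      # not attributable from these markers
    return verdicts

if __name__ == "__main__":
    print(dict(triage(SAMPLE)))
```

A monitor that counts failed logins only by the 422 status would not see the attempts that end in the 500 path, so the two counters are reported separately.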

              People

                adam Adam Dickmeiss
                msuranofsky Michelle Suranofsky