Uploaded image for project: 'Magnolia Public User Registration'
  1. Magnolia Public User Registration
  2. MGNLPUR-143

PUR PasswordProcessor has poor error handling

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • 2.2.5, 2.4.1
    • None
    • None

      The PUR contains a 'password reset' functionality. If you attempt to reset your password with a non-existing username the user gets a very ugly generic error message and a stack trace is logged.

      The problem is in the error handling in the PasswordProcessor class in the PUR module. The problem is that the 'internalProcess' method catches the the FormProcessorFailedException for no reason and passes it on as a runtime exception.. The worst thing is that the internalProcess method is overridden but that the 'throws FormProcessorFailedException' was removed. This makes it impossible to subclass this method if you still want to throw this exception.

      Here is my workaround:

      package nl.info.researchant.magnolia.publicuserregistration.processors;

import info.magnolia.cms.security.User;
import info.magnolia.cms.security.UserManager;
import info.magnolia.i18nsystem.SimpleTranslator;
import info.magnolia.module.ModuleRegistry;
import info.magnolia.module.form.processors.FormProcessorFailedException;
import info.magnolia.module.publicuserregistration.PasswordRetrievalStrategy;
import info.magnolia.module.publicuserregistration.PublicUserRegistrationConfig;
import info.magnolia.module.publicuserregistration.processors.AbstractPURProcessor;

import javax.inject.Inject;
import javax.jcr.Node;
import java.util.Map;

/**
 * Replacement of the default PUR {@link info.magnolia.module.publicuserregistration.processors.PasswordProcessor} with
 * improved error handling.
 *
 * See: https://jira.info.nl/browse/TOKUE-404
 */
public class ResearchAntPasswordProcessor extends AbstractPURProcessor {

	@Inject
	private SimpleTranslator i18n;

	@Inject
	public ResearchAntPasswordProcessor(ModuleRegistry moduleRegistry) {
		super(moduleRegistry);
	}

	@Override
	protected void internalProcess(Node content, Map<String, Object> parameters) throws FormProcessorFailedException {

		final String username = (String) parameters.get("username");

		final PublicUserRegistrationConfig config = getModuleConfig();
		final PasswordRetrievalStrategy passwordRetrievalStrategy = config.getConfiguration().getPasswordRetrievalStrategy();

		final UserManager userManager = getUserManager(config);
		final User user = userManager.getUser(username);

		if (user == null) {
			throw new FormProcessorFailedException(i18n.translate("pur.passwordprocessor.user.does.not.exist"));
		}

		passwordRetrievalStrategy.retrievePassword(user);
		updateContext(user);
	}
}

        Acceptance criteria

              rkovarik Roman Kovařík
              edgar Edgar Vonk
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD