Details
- Bug
- Resolution: Fixed
- Neutral
- 2.3.1
- None
Description
- No check is done to see if the user actually has a token. If the user has no token (e.g. because the password change functionality has already been used; e.g. the user clicks on the change password link twice) you get an ugly null pointer. We added this in our TokenPasswordProcessor. See code below.
- The error messages (which are shown to the end-user) are hardcoded. i18n messages should really be used.
I think it would be good to add this to the Magnolia TokenPasswordProcessor class?
// not present in Magnolia's TokenPasswordProcessor
// check if user's token is present at all; if we don't do this and the token is not present
// we get an ugly null pointer later on
if (null == user.getProperty("token")) {
    throw new FormProcessorFailedException("No 'password change token' is present in the current user session. " +
            "Maybe you have already changed your password? Should you want to change your password again then please " +
            "request a new password reset.");
}
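An added example, not Magnolia's code or the reporter's: the two points of the report combined in one stand-alone class, with the missing-token check done before any use of the token and message keys resolved through a bundle instead of hardcoded end-user text. `Messages`, `TokenCheckException`, `checkAndConsume`, the message keys and the map standing in for the user's properties are assumptions for illustration; the example goes slightly beyond the report by comparing the token in constant time and clearing it after use.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.ListResourceBundle;
import java.util.Map;
import java.util.ResourceBundle;

public class ResetTokenCheckExample {
    // Hypothetical bundle; a real project would ship one .properties file per locale.
    static class Messages extends ListResourceBundle {
        @Override
        protected Object[][] getContents() {
            return new Object[][] {
                {"reset.token.missing", "No password change token is present. Please request a new password reset."},
                {"reset.token.invalid", "The password change link is not valid."},
            };
        }
    }
    // Hypothetical exception carrying a message key, not end-user text.
    static class TokenCheckException extends Exception {
        TokenCheckException(String key) { super(key); }
    }

    // userProps stands in for the user's stored properties (constructed for this example).
    static void checkAndConsume(Map<String, String> userProps, String submitted) throws TokenCheckException {
        String stored = userProps.get("token");
        if (stored == null) { // link already used, or no reset was requested
            throw new TokenCheckException("reset.token.missing");
        }
        if (submitted == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8))) {
            throw new TokenCheckException("reset.token.invalid");
        }
        userProps.remove("token"); // single use: a second click reaches the missing-token branch
    }

    public static void main(String[] args) {
        ResourceBundle bundle = new Messages();
        Map<String, String> user = new HashMap<>();
        user.put("token", "constructed-sample-token"); // constructed sample value
        for (int click = 1; click <= 2; click++) {     // simulate clicking the link twice
            try {
                checkAndConsume(user, "constructed-sample-token");
                System.out.println("click " + click + ": token accepted");
            } catch (TokenCheckException e) {
                System.out.println("click " + click + ": " + bundle.getString(e.getMessage()));
            }
        }
    }
}
```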