Uploaded image for project: 'Magnolia Public User Registration'
  1. Magnolia Public User Registration
  2. MGNLPUR-138

TokenPasswordProcessor does not check if the user has an actual token

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 2.4
    • 2.3.1
    • None

    Description

      • No check is done to see if the user actually has a token. If the user has no token (e.g. because the password change functionality has already been used; e.g. the user clicks on the change password link twice) you get an ugly null pointer. We added this in our TokenPasswordProcessor. See code below.
      • The error messages (which are shown to the end-user) are hardcoded. i18n messages should really be used.

      I think it would be good to add this to the Magnolia TokenPasswordProcessor class?

              // not present in Magnolia's TokenPasswordProcessor
              // check if user's token is present at all; if we don't do this and the token is not present
              // we get an ugly nullpointer later on
              if (null == user.getProperty("token")) {
                  throw new FormProcessorFailedException("No 'password change token' is present in the current user session. " +
                          "Maybe you have already changed your password? Should you want to change your password again then please " +
                          "request a new password reset.");
              }
      

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              mdivilek Milan Divilek
              cringele Christian Ringele
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Bug DoR
                  Task DoD