Uploaded image for project: 'Magnolia Public User Registration'
  1. Magnolia Public User Registration
  2. MGNLPUR-143

PUR PasswordProcessor has poor error handling

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • 2.2.5, 2.4.1
    • None
    • None

    Description

      The PUR contains a 'password reset' functionality. If you attempt to reset your password with a non-existing username the user gets a very ugly generic error message and a stack trace is logged.

      The problem is in the error handling in the PasswordProcessor class in the PUR module. The problem is that the 'internalProcess' method catches the the FormProcessorFailedException for no reason and passes it on as a runtime exception.. The worst thing is that the internalProcess method is overridden but that the 'throws FormProcessorFailedException' was removed. This makes it impossible to subclass this method if you still want to throw this exception.

      Here is my workaround:

      package nl.info.researchant.magnolia.publicuserregistration.processors;
      
      import info.magnolia.cms.security.User;
      import info.magnolia.cms.security.UserManager;
      import info.magnolia.i18nsystem.SimpleTranslator;
      import info.magnolia.module.ModuleRegistry;
      import info.magnolia.module.form.processors.FormProcessorFailedException;
      import info.magnolia.module.publicuserregistration.PasswordRetrievalStrategy;
      import info.magnolia.module.publicuserregistration.PublicUserRegistrationConfig;
      import info.magnolia.module.publicuserregistration.processors.AbstractPURProcessor;
      
      import javax.inject.Inject;
      import javax.jcr.Node;
      import java.util.Map;
      
      /**
       * Replacement of the default PUR {@link info.magnolia.module.publicuserregistration.processors.PasswordProcessor} with
       * improved error handling.
       *
       * See: https://jira.info.nl/browse/TOKUE-404
       */
      public class ResearchAntPasswordProcessor extends AbstractPURProcessor {
      
      	@Inject
      	private SimpleTranslator i18n;
      
      	@Inject
      	public ResearchAntPasswordProcessor(ModuleRegistry moduleRegistry) {
      		super(moduleRegistry);
      	}
      
      	@Override
      	protected void internalProcess(Node content, Map<String, Object> parameters) throws FormProcessorFailedException {
      
      		final String username = (String) parameters.get("username");
      
      		final PublicUserRegistrationConfig config = getModuleConfig();
      		final PasswordRetrievalStrategy passwordRetrievalStrategy = config.getConfiguration().getPasswordRetrievalStrategy();
      
      		final UserManager userManager = getUserManager(config);
      		final User user = userManager.getUser(username);
      
      		if (user == null) {
      			throw new FormProcessorFailedException(i18n.translate("pur.passwordprocessor.user.does.not.exist"));
      		}
      
      		passwordRetrievalStrategy.retrievePassword(user);
      		updateContext(user);
      	}
      }
      

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                rkovarik Roman Kovařík
                edgar Edgar Vonk
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD