[MGNLPUR-138] TokenPasswordProcessor does not check if the user has an actual token Created: 11/Aug/14  Updated: 01/Sep/14  Resolved: 12/Aug/14

Status: Closed
Project: Magnolia Public User Registration
Component/s: None
Affects Version/s: 2.3.1
Fix Version/s: 2.4

Type: Bug Priority: Neutral
Reporter: Christian Ringele Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   
  • No check is done to see if the user actually has a token. If the user has no token (e.g. because the password change functionality has already been used; e.g. the user clicks on the change password link twice) you get an ugly null pointer. We added this in our TokenPasswordProcessor. See code below.
  • The error messages (which are shown to the end-user) are hardcoded. i18n messages should really be used.

I think it would be good to add this to the Magnolia TokenPasswordProcessor class?

        // not present in Magnolia's TokenPasswordProcessor
        // check if user's token is present at all; if we don't do this and the token is not present
        // we get an ugly nullpointer later on
        if (null == user.getProperty("token")) {
            throw new FormProcessorFailedException("No 'password change token' is present in the current user session. " +
                    "Maybe you have already changed your password? Should you want to change your password again then please " +
                    "request a new password reset.");
        }

Generated at Mon Feb 12 06:43:27 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.