[MGNLPUR-143] PUR PasswordProcessor has poor error handling Created: 19/Sep/14  Updated: 28/Jan/15  Resolved: 24/Sep/14

Status: Closed
Project: Magnolia Public User Registration
Component/s: None
Affects Version/s: None
Fix Version/s: 2.2.5, 2.4.1

Type: Bug Priority: Neutral
Reporter: Edgar Vonk Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLPUR-67 Password Reminder form displays ambig... Closed
duplicate
is duplicated by MGNLPUR-140 Invalid username in Password Reset Fo... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

The PUR contains a 'password reset' functionality. If you attempt to reset your password with a non-existing username the user gets a very ugly generic error message and a stack trace is logged.

The problem is in the error handling in the PasswordProcessor class in the PUR module. The problem is that the 'internalProcess' method catches the the FormProcessorFailedException for no reason and passes it on as a runtime exception.. The worst thing is that the internalProcess method is overridden but that the 'throws FormProcessorFailedException' was removed. This makes it impossible to subclass this method if you still want to throw this exception.

Here is my workaround:

package nl.info.researchant.magnolia.publicuserregistration.processors;

import info.magnolia.cms.security.User;
import info.magnolia.cms.security.UserManager;
import info.magnolia.i18nsystem.SimpleTranslator;
import info.magnolia.module.ModuleRegistry;
import info.magnolia.module.form.processors.FormProcessorFailedException;
import info.magnolia.module.publicuserregistration.PasswordRetrievalStrategy;
import info.magnolia.module.publicuserregistration.PublicUserRegistrationConfig;
import info.magnolia.module.publicuserregistration.processors.AbstractPURProcessor;

import javax.inject.Inject;
import javax.jcr.Node;
import java.util.Map;

/**
 * Replacement of the default PUR {@link info.magnolia.module.publicuserregistration.processors.PasswordProcessor} with
 * improved error handling.
 *
 * See: https://jira.info.nl/browse/TOKUE-404
 */
public class ResearchAntPasswordProcessor extends AbstractPURProcessor {

	@Inject
	private SimpleTranslator i18n;

	@Inject
	public ResearchAntPasswordProcessor(ModuleRegistry moduleRegistry) {
		super(moduleRegistry);
	}

	@Override
	protected void internalProcess(Node content, Map<String, Object> parameters) throws FormProcessorFailedException {

		final String username = (String) parameters.get("username");

		final PublicUserRegistrationConfig config = getModuleConfig();
		final PasswordRetrievalStrategy passwordRetrievalStrategy = config.getConfiguration().getPasswordRetrievalStrategy();

		final UserManager userManager = getUserManager(config);
		final User user = userManager.getUser(username);

		if (user == null) {
			throw new FormProcessorFailedException(i18n.translate("pur.passwordprocessor.user.does.not.exist"));
		}

		passwordRetrievalStrategy.retrievePassword(user);
		updateContext(user);
	}
}

Generated at Mon Feb 12 06:43:30 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.