[MGNLPUR-143] PUR PasswordProcessor has poor error handling Created: 19/Sep/14 Updated: 28/Jan/15 Resolved: 24/Sep/14 |
|
| Status: | Closed |
| Project: | Magnolia Public User Registration |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 2.2.5, 2.4.1 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Edgar Vonk | Assignee: | Roman Kovařík |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | support | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Template: |
|
||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||
| Description |
|
The PUR contains a 'password reset' functionality. If you attempt to reset your password with a non-existing username the user gets a very ugly generic error message and a stack trace is logged. The problem is in the error handling in the PasswordProcessor class in the PUR module. The problem is that the 'internalProcess' method catches the the FormProcessorFailedException for no reason and passes it on as a runtime exception.. The worst thing is that the internalProcess method is overridden but that the 'throws FormProcessorFailedException' was removed. This makes it impossible to subclass this method if you still want to throw this exception. Here is my workaround: package nl.info.researchant.magnolia.publicuserregistration.processors; import info.magnolia.cms.security.User; import info.magnolia.cms.security.UserManager; import info.magnolia.i18nsystem.SimpleTranslator; import info.magnolia.module.ModuleRegistry; import info.magnolia.module.form.processors.FormProcessorFailedException; import info.magnolia.module.publicuserregistration.PasswordRetrievalStrategy; import info.magnolia.module.publicuserregistration.PublicUserRegistrationConfig; import info.magnolia.module.publicuserregistration.processors.AbstractPURProcessor; import javax.inject.Inject; import javax.jcr.Node; import java.util.Map; /** * Replacement of the default PUR {@link info.magnolia.module.publicuserregistration.processors.PasswordProcessor} with * improved error handling. * * See: https://jira.info.nl/browse/TOKUE-404 */ public class ResearchAntPasswordProcessor extends AbstractPURProcessor { @Inject private SimpleTranslator i18n; @Inject public ResearchAntPasswordProcessor(ModuleRegistry moduleRegistry) { super(moduleRegistry); } @Override protected void internalProcess(Node content, Map<String, Object> parameters) throws FormProcessorFailedException { final String username = (String) parameters.get("username"); final PublicUserRegistrationConfig config = getModuleConfig(); final PasswordRetrievalStrategy passwordRetrievalStrategy = config.getConfiguration().getPasswordRetrievalStrategy(); final UserManager userManager = getUserManager(config); final User user = userManager.getUser(username); if (user == null) { throw new FormProcessorFailedException(i18n.translate("pur.passwordprocessor.user.does.not.exist")); } passwordRetrievalStrategy.retrievePassword(user); updateContext(user); } } |