
Error page if new password doesn't match Crowd password validation

      From a Crowd support case:

      "I have given a regular expression for the directory where all these users are imported. Now, after integration with Crowd, when I try to reset the password of a Confluence user in Confluence with invalid conditions (not according to the regular expression given), I get the following exception, with the Confluence system error page being displayed."

      Cause:
      com.atlassian.user.EntityException: Fault: com.atlassian.crowd.integration.exception.InvalidCredentialException: Fault: com.atlassian.crowd.integration.exception.InvalidCredentialException
      at com.atlassian.crowd.integration.atlassianuser.CrowdUserManager.alterPassword(CrowdUserManager.java:170)

      caused by: com.atlassian.crowd.integration.exception.InvalidCredentialException: Fault: com.atlassian.crowd.integration.exception.InvalidCredentialException: Fault: com.atlassian.crowd.integration.exception.InvalidCredentialException
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

      caused by: org.codehaus.xfire.fault.XFireFault: Fault: com.atlassian.crowd.integration.exception.InvalidCredentialException
      at org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)

      Suggested fix:

      1. Add a new subclass of EntityException called InvalidPasswordException
      2. Throw InvalidPasswordException from CrowdUserManager.alterPassword()
      3. Modify bucket's DefaultUserAccessor to rethrow InvalidPasswordException
      4. Catch InvalidPasswordException in Confluence's ChangeUserPasswordAction and display a meaningful error message to the user.

            [CONFSERVER-8078] Error page if new password doesn't match Crowd password validation

            m@ (Inactive) added a comment - Current atlassian-user jar file to be used to work around this issue on versions of Confluence before 2.4.5.

            m@ (Inactive) added a comment - The fix to this issue is:

            1. ATLASSIAN-USER: Create a new EntityException (in the atlassian-user library) called InvalidPasswordException. This exception can be thrown by UserManagers in the alterPassword method if they decide that the password should not be accepted. In this case, the CrowdUserManager can do this if the submitted password does not match the regular expression.

            2. CROWD: Modify the CrowdUserManager to catch the internal exception (InvalidCredentialException) and rethrow it as an InvalidPasswordException.

            3. CONFLUENCE: Modify the ChangeMyPasswordAction to catch the InvalidPasswordException and react by informing the user of the error.

            Notes:

            • Take note of CONF-8211 before considering the fix to this issue.
            • To completely fix this issue, Confluence must be upgraded to 2.4.5 and Crowd to 1.0.5. If you upgrade Confluence without upgrading Crowd, you will no longer get the error/exception page, but the field error will be: 'An internal error occured when trying to change your password.' This is because Confluence will not know the cause of the password change error.
            • If you upgrade Crowd to 1.0.5 and don't upgrade Confluence, then Confluence will not be able to deserialize this exception and a nasty axis exception will be displayed to the user. The workaround for this is to manually upgrade the atlassian-user jar, which should be compatible with all Confluence versions that support Crowd integration.
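
The exception translation outlined in the suggested fix and in the comment above, as an added example that is not Atlassian's code. Every class and method here is a simplified stand-in that reuses only the names mentioned on this page; the policy regex and the specific field-error text are constructed, and the generic message is the one quoted in the notes.

```java
import java.util.regex.Pattern;
// Added illustration: every type below is a simplified stand-in, not Atlassian source.
public class PasswordChangeDemo {
    static class EntityException extends Exception {
        EntityException(String msg, Throwable cause) { super(msg, cause); }
    }
    // Step 1: a dedicated subtype so callers can tell "policy rejected" from "backend failed".
    static class InvalidPasswordException extends EntityException {
        InvalidPasswordException(String msg, Throwable cause) { super(msg, cause); }
    }
    // Stand-in for the directory-side exception named in the stack trace.
    static class InvalidCredentialException extends Exception {
        InvalidCredentialException(String msg) { super(msg); }
    }

    // Hypothetical directory policy; the real regular expression is configured per directory.
    static final Pattern POLICY = Pattern.compile("^(?=.*\\d).{10,}$");

    static void directoryUpdateCredential(String user, String password) throws InvalidCredentialException {
        if (!POLICY.matcher(password).matches()) {
            throw new InvalidCredentialException("password does not match directory policy");
        }
    }

    // Step 2: translate the internal exception at the user-manager boundary, keeping the cause.
    static void alterPassword(String user, String password) throws EntityException {
        try {
            directoryUpdateCredential(user, password);
        } catch (InvalidCredentialException e) {
            throw new InvalidPasswordException("password rejected by directory", e);
        }
    }

    // Step 3: the action maps exception types to field errors; nothing reaches the error page.
    static String changePassword(String user, String password) {
        try {
            alterPassword(user, password);
            return "OK";
        } catch (InvalidPasswordException e) {
            return "The new password does not meet the directory's password rules.";
        } catch (EntityException e) {
            return "An internal error occured when trying to change your password.";
        }
    }
    public static void main(String[] args) {
        System.out.println(changePassword("alice", "short"));            // policy rejection
        System.out.println(changePassword("alice", "long-enough-pw-1")); // accepted
    }
}
```

The second `catch` branch corresponds to the mixed-version case in the notes: when the specific exception type never arrives, the action can only fall back to the generic message.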

            Charles Miller (Inactive) added a comment - Maybe in 2.6.

              mjensen m@ (Inactive)
              matt@atlassian.com Matt Ryall