Uploaded image for project: 'JIRA Server (including JIRA Core)'
  1. JIRA Server (including JIRA Core)
  2. JRASERVER-15602

ForgotPassword page NullPointer exception if you dont provide a user name

    Details

      Description

      if you invoke the ForgotPassword action without a user name, it throws a NullPointer exception

      java.lang.NullPointerException
      	at com.atlassian.core.user.UserUtils.resetPassword(UserUtils.java:310)
      	at com.atlassian.jira.web.action.user.ForgotPassword.doPassword(ForgotPassword.java:29)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      

      The validation code does not detect the null user name and then incorrectly trys to reset its password. It needs to detect a null username and present the error as intended.

      The offending method is doPasswordValidation

      protected void doPasswordValidation()
          {
              if (!UserUtils.existsUser(username))
              {
                  addError("username", getText("forgotpassword.error.usernameDoesNotExist"));
              }
          }
      

      This would appear to have been in the product for a long time.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bbaker Brad Baker
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: