Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-15602

ForgotPassword page NullPointer exception if you dont provide a user name

    XMLWordPrintable

Details

    Description

      if you invoke the ForgotPassword action without a user name, it throws a NullPointer exception

      java.lang.NullPointerException
	at com.atlassian.core.user.UserUtils.resetPassword(UserUtils.java:310)
	at com.atlassian.jira.web.action.user.ForgotPassword.doPassword(ForgotPassword.java:29)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      The validation code does not detect the null user name and then incorrectly trys to reset its password. It needs to detect a null username and present the error as intended.

      The offending method is doPasswordValidation

      protected void doPasswordValidation()
    {
        if (!UserUtils.existsUser(username))
        {
            addError("username", getText("forgotpassword.error.usernameDoesNotExist"));
        }
    }

      This would appear to have been in the product for a long time.

      Attachments

        Activity

          People

            Unassigned Unassigned
            bbaker ɹǝʞɐq pɐɹq
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: