Requesting password reset link results in error 500 after clicking on the link if External user management flag is set to ON


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 8.3.2, 8.5.0, 8.22.6
    • None
    • 8.03
    • 10
    • Severity 3 - Minor
    • 3

      Issue Summary

      Requesting password reset link results in error 500 after clicking on the link if External user management flag is set to ON.

      Steps to Reproduce

      1. Go to Jira settings > System > Edit Settings and set "External user management" to ON.
      2. Create a new user in the internal directory; do not set the user's password while creating the user. Check the "Send notification email" box.
      3. The user gets the message in the mailbox:
      4. If the password reset request becomes invalid after 24 hours, the user can request a new password using /secure/ForgotLoginDetails.jspa?username=<username>

      Expected Results

      The reset password request form opens and the user gets a fresh link in the mailbox.

      Actual Results

      The user gets error 500 in the browser with the message "User login details can not be reset for this JIRA site."

      The following exception is logged in the atlassian-jira.log file:

      2019-12-02 13:51:01,197 http-nio-8080-exec-58 ERROR      [o.a.c.c.C.[.[localhost].[/].[action]] Servlet.service() for servlet [action] in context with path [] threw exception [java.lang.IllegalStateException: User login details can not be reset for this JIRA site.] with root cause
      java.lang.IllegalStateException: User login details can not be reset for this JIRA site.
      	at com.atlassian.jira.web.action.user.ForgotLoginDetails.doExecute(ForgotLoginDetails.java:49)
      	at webwork.action.ActionSupport.execute(ActionSupport.java:165)
      	at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63)
      	at webwork.interceptor.DefaultInterceptorChain.proceed(DefaultInterceptorChain.java:39)
      	at webwork.interceptor.NestedInterceptorChain.proceed(NestedInterceptorChain.java:31)
      	... 5 filtered
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	... 15 filtered
      	at com.softwareplant.ppm.structure.hostplatform.jiraserver.event.JiraServerIssueLinkFilter.doFilter(JiraServerIssueLinkFilter.java:52)
      	... 36 filtered
      	at com.atlassian.servicedesk.internal.web.ExternalCustomerLockoutFilter.doFilter(ExternalCustomerLockoutFilter.java:55)
      	... 4 filtered
      	at com.atlassian.greenhopper.jira.filters.ClassicBoardRouter.doFilter(ClassicBoardRouter.java:62)
      	... 7 filtered
      	at com.atlassian.jira.plugin.mobile.web.filter.MobileAppRequestFilter.doFilter(MobileAppRequestFilter.java:37)
      	... 4 filtered
      	at com.atlassian.jira.plugin.mobile.login.MobileLoginSuccessFilter.doFilter(MobileLoginSuccessFilter.java:54)
      	... 3 filtered
      	at com.atlassian.diagnostics.internal.platform.monitor.http.HttpRequestMonitoringFilter.doFilter(HttpRequestMonitoringFilter.java:55)
      	... 8 filtered
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
      	... 62 filtered
      	at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
      	... 1 filtered
      	at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
      	... 39 filtered
      	at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
      	... 5 filtered
      	at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.lambda$invokeFilterChain$0(CustomerContextSettingFilter.java:189)
      	at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.rteInvoke(ReentrantThreadLocalBasedCodeContext.java:136)
      	at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.runOutOfContext(ReentrantThreadLocalBasedCodeContext.java:89)
      	at com.atlassian.servicedesk.internal.utils.context.CustomerContextServiceImpl.runOutOfCustomerContext(CustomerContextServiceImpl.java:47)
      	at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.outOfCustomerContext(CustomerContextSettingFilter.java:180)
      	at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilterImpl(CustomerContextSettingFilter.java:131)
      	at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilter(CustomerContextSettingFilter.java:120)
      	... 4 filtered
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:37)
      	... 8 filtered
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
      	... 4 filtered
      	at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
      	... 26 filtered
      	at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
      	... 25 filtered
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
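
To gauge how many users are hitting this failure, atlassian-jira.log can be scanned for the exception above. This is an added example, not Atlassian's code: the entry-header pattern is inferred from the single log line in this issue, and every sample entry except the first is constructed.

```python
import re
from collections import Counter

# Message and root frame copied from the exception in this issue.
RESET_MSG = "User login details can not be reset for this JIRA site."
RESET_FRAME = "com.atlassian.jira.web.action.user.ForgotLoginDetails.doExecute"

# Entry header as in the sample line above: timestamp, thread name, level.
ENTRY_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<thread>\S+) (?P<level>[A-Z]+)\s"
)

def find_reset_failures(lines):
    """Return (timestamp, thread) for every ERROR entry that carries RESET_MSG
    and whose stack trace contains RESET_FRAME."""
    hits, pending = [], None
    for line in lines:
        header = ENTRY_RE.match(line)
        if header:
            # A new log entry starts; drop any unconfirmed candidate.
            is_candidate = header["level"] == "ERROR" and RESET_MSG in line
            pending = (header["ts"], header["thread"]) if is_candidate else None
        elif pending and RESET_FRAME in line:
            hits.append(pending)  # trace line confirms the candidate
            pending = None        # count each entry once
    return hits

def failures_per_day(hits):
    """Count confirmed failures per calendar day (date part of the timestamp)."""
    return Counter(ts.split(" ")[0] for ts, _ in hits)

# First entry is abridged from this issue; the other three are constructed.
SAMPLE_LOG = """\
2019-12-02 13:51:01,197 http-nio-8080-exec-58 ERROR      [o.a.c.c.C.[.[localhost].[/].[action]] Servlet.service() for servlet [action] in context with path [] threw exception [java.lang.IllegalStateException: User login details can not be reset for this JIRA site.] with root cause
java.lang.IllegalStateException: User login details can not be reset for this JIRA site.
\tat com.atlassian.jira.web.action.user.ForgotLoginDetails.doExecute(ForgotLoginDetails.java:49)
2019-12-02 13:52:10,004 http-nio-8080-exec-3 INFO      [constructed] unrelated entry
2019-12-03 09:15:42,310 http-nio-8080-exec-7 ERROR      [constructed] threw exception [java.lang.IllegalStateException: some other failure] with root cause
\tat example.Other.run(Other.java:1)
2019-12-03 10:00:00,000 http-nio-8080-exec-9 ERROR      [constructed] threw exception [java.lang.IllegalStateException: User login details can not be reset for this JIRA site.] with root cause
\tat com.atlassian.jira.web.action.user.ForgotLoginDetails.doExecute(ForgotLoginDetails.java:49)
""".splitlines()

if __name__ == "__main__":
    hits = find_reset_failures(SAMPLE_LOG)
    for ts, thread in hits:
        print(ts, thread)
    print(dict(failures_per_day(hits)))
```
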
      

      Workaround

      Workaround 1
      An administrator can delete and recreate the user and ask them to set the password via the "Set my password" button within 24 hours. This way, the user will be able to set the password.

      Workaround 2
      Disable the "External user management" flag on the General Configuration page.

            Assignee: Unassigned
            Reporter: Marko Filipan (Inactive)
            Votes: 4
            Watchers: 5
