  1. Jira Service Management Data Center
  2. JSDSERVER-5786

Service Desk customer sign up/password reset page does not indicate if the password does not meet the password policy requirements

Details

    Description

      Summary

      Service Desk customer sign up/password reset page does not indicate if the password does not meet the password policy requirements

      Environment

      • Jira Service Desk 3.12.1
      • Jira Server has a password policy enabled via /secure/admin/EditPasswordPolicy.jspa

      Steps to Reproduce (Sign up)

      1. As a Jira administrator, enable any password policy on /secure/admin/EditPasswordPolicy.jspa. The default is disabled; for the sake of this test, use the 'Secure' option, which:
        • Requires passwords to be at least 10 characters long and use at least 3 character types including at least 1 special character.
        • Rejects passwords that are even slightly similar to the previous password or the user's public information.
      2. As a JSD project administrator, go to the project administration page
      3. From the left sidebar, choose customers
      4. Then click the Add customers button in the top right corner
      5. Enter a new customer's email address to invite them to the JSD project
      6. As the customer at the other end of that email address, click the link in the email to go to Jira to set up your account
      7. Enter a password that does not meet the password policy in place for Jira. Example password used: ABCdef123456 (long enough, uses 3 character types, but has no special characters)

      Steps to Reproduce (Password Reset)

      1. As a Jira administrator, enable any password policy on /secure/admin/EditPasswordPolicy.jspa. The default is disabled; for the sake of this test, use the 'Secure' option, which:
        • Requires passwords to be at least 3 characters long and use at least 3 character types including at least 1 special character.
        • Rejects passwords that are even slightly similar to the previous password or the user's public information.
      2. As a JSD project administrator, go to the project administration page
      3. From the left sidebar, choose customers
      4. Then click the Add customers button in the top right corner
      5. Enter a new customer's email address to invite them to the JSD project
      6. As the customer at the other end of that email address, click the link in the email to go to Jira to set up your account
      7. Enter a password that does not meet the password policy in place for Jira, for example the previous password

      Expected Results

      This page in Jira should tell the end user that their password does not meet the password policy currently in place for this Jira site, and it should indicate which specific element of the password policy was not met (in this case, the lack of a special character).

      Actual Results

      • Nothing happens on the page.
      • The end user is not able to continue.
      • No visible error or warning appears in the browser
      • Only the browser console log shows an HTTP 400 error (bad request) when trying to continue. Upon inspection of a HAR file of this event, we can see a JSON response of
        {"errors":[],"reasonKey":"The password must satisfy the password policy","reasonCode":"400"} 
        

        However, there is currently no way for this response to be shown to the end user.
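
The behaviour described under Expected Results can be sketched on the client side as follows. This is an added example, not Jira Service Management code: the function names are hypothetical, the four character classes are an assumption about what "character types" means, and the response shape is taken from the JSON quoted above.

```javascript
// Added example: not Jira Service Management code. Function names are hypothetical.

// The 'Secure' policy rules as listed in the report. Treating the character
// types as lowercase, uppercase, digit and special is an assumption.
const CHAR_TYPES = {
  lowercase: /[a-z]/,
  uppercase: /[A-Z]/,
  digit: /[0-9]/,
  special: /[^A-Za-z0-9]/,
};

// Return a list of human-readable policy elements the password fails.
function unmetRequirements(password, minLength = 10, minTypes = 3) {
  const problems = [];
  if (password.length < minLength) {
    problems.push(`must be at least ${minLength} characters long`);
  }
  const present = Object.keys(CHAR_TYPES).filter((t) => CHAR_TYPES[t].test(password));
  if (present.length < minTypes) {
    problems.push(`must use at least ${minTypes} character types`);
  }
  if (!present.includes("special")) {
    problems.push("must include at least 1 special character");
  }
  return problems;
}

// Turn the server's reply into text for the form. The similarity rule can only
// be checked server-side, so a 400 body must always be surfaced to the user.
function messageFromResponse(status, bodyText) {
  if (status >= 200 && status < 300) return null;
  try {
    const body = JSON.parse(bodyText);
    const parts = [body.reasonKey, ...(Array.isArray(body.errors) ? body.errors : [])]
      .filter((p) => typeof p === "string" && p.length > 0);
    if (parts.length > 0) return parts.join(" ");
  } catch (_) {
    // Non-JSON error body: fall through to the generic message.
  }
  return `The request failed (HTTP ${status}). Please try again.`;
}

// Constructed sample: the password and response body quoted in the report.
const sampleBody = '{"errors":[],"reasonKey":"The password must satisfy the password policy","reasonCode":"400"}';
console.log(unmetRequirements("ABCdef123456"));
console.log(messageFromResponse(400, sampleBody));
```

The client-side check only gives early feedback; the server's policy decision stays authoritative, which is why the 400 body still has to reach the page.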

      Notes

      Workaround

      The Jira administrator has to either

      • convey the password requirements ahead of time to the new user, OR
      • temporarily disable the password policy

      Another scenario, from JSDSERVER-5791 (Service Desk customer sign up page does not indicate why account cannot be created), occurs during account creation. It gives a different error, but it seems to have the same root cause.

            People

              kkanojia Kunal Kanojia
              aheinzer Andy Heinzer
              Votes: 20
              Watchers: 21
