  1. Jira Service Management Data Center
  2. JSDSERVER-6131

Service Desk password reset page does not indicate if the password does not meet the password policy requirements

Details

    Description

      Atlassian Update – 6-Dec-2018

      Hello, everyone! After comparing this bug request against the known bug report JSDSERVER-5786: Service Desk customer sign up/password reset page does not indicate if the password does not meet the password policy requirements, we realized that both are addressing the same scenario. We will be closing this request now and will ask you to cast your votes and add any additional feedback so we can have the impact of this issue gathered in one single request.

      Best regards,
      Amirul

      Summary

      Service Desk password page does not indicate if the password does not meet the password policy requirements

      Environment

      • Jira Service Desk 3.15.3 & Crowd 3.3.2
      • Jira Server has enabled password policy per /secure/admin/EditPasswordPolicy.jspa

      Steps to Reproduce

      1. As a Jira administrator, enable any password policy on /secure/admin/EditPasswordPolicy.jspa (default is disabled; for the sake of this test, let's try to use the 'Secure' option), which:
        • Requires passwords to be at least 3 characters long and use at least 3 character types including at least 1 special character.
        • Rejects passwords that are even slightly similar to the previous password or the user's public information.
      2. As a JSD project administrator, go to the project administration page
      3. From the left sidebar, choose customers
      4. Then click the Add customers button in the top right corner
      5. Enter a new customer's email address to invite them to the JSD project
      6. As the customer at the other end of that email address, click the link in the email to go to Jira to set up your account
      7. Enter a password that does not meet the password policy in place for Jira, for example the previous password

      Expected Results

      This page in Jira should tell the end user that their password does not meet the password policy currently in place for this Jira site, AND the page should indicate which specific element of the password policy was not met. (In this case, the previous password was entered.)

      Actual Results

      • Nothing happens on the page.
      • The end user is not able to continue.
      • No visible error or warning appears in the browser.
      • Only when looking at the browser console log can you see an HTTP 400 error (bad request) when trying to continue. Upon inspection of a HAR file of this event, we can see a JSON response of
        {"errors":[],"reasonKey":"The password must satisfy the password policy","reasonCode":"400"}

        However, this response currently has no way to appear to the end user.

      Notes

       

      It used to work in Jira Service Desk 3.3:

       

      Workaround

      The Jira administrator either has to

      • Convey the password requirements ahead of time to the new user OR
      • temporarily disable the password policy
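
The 400 response quoted under Actual Results already carries displayable text in reasonKey, so a client-side handler can surface it. The following is an added example, not Atlassian's code: the function names are hypothetical, and the assumption that entries in "errors" are plain strings is not confirmed by this page, which only shows an empty array.

```javascript
// Added example: turns the password-setup response into text the page can show.
// Response shape is the one quoted in this issue; all names here are hypothetical.
const GENERIC_FAILURE = "Your password could not be set. Please try again.";

// Returns null on success, otherwise a message to display to the customer.
function passwordErrorMessage(status, bodyText) {
  if (status >= 200 && status < 300) return null;

  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return GENERIC_FAILURE; // non-JSON error page, proxy error, etc.
  }
  if (body === null || typeof body !== "object") return GENERIC_FAILURE;

  // Assumption: when "errors" is populated, its entries are plain strings.
  const details = Array.isArray(body.errors)
    ? body.errors.filter((m) => typeof m === "string" && m.trim() !== "")
    : [];
  if (details.length > 0) return details.join(" ");

  // In the reported case "errors" is empty and only "reasonKey" carries text.
  if (typeof body.reasonKey === "string" && body.reasonKey.trim() !== "") {
    return body.reasonKey;
  }
  return GENERIC_FAILURE;
}

// Browser-only: write the message as text, never as HTML, since it is server-supplied.
function showPasswordError(element, status, bodyText) {
  const message = passwordErrorMessage(status, bodyText);
  element.textContent = message === null ? "" : message;
  element.hidden = message === null;
  return message;
}

// Constructed sample: the body quoted under Actual Results.
const SAMPLE_BODY =
  '{"errors":[],"reasonKey":"The password must satisfy the password policy","reasonCode":"400"}';
```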

            People

              Unassigned Unassigned
              soslopov Sergey