Customers whose username contains a blank space are not able to reset password

XMLWordPrintable

    • 4
    • Severity 3 - Minor
    • 0

      Summary

      If a customer's username contains a blank space, the password reset link replaces the blank space with a + character, causing a 400 error when resetting password.

      Steps to reproduce

      1. Create a customer account with this username: first last
      2. As the customer, request a password reset
      3. From the password reset email sent by Service Desk, click Reset my password
      4. Try to reset password from the browser

      Expected behavior

      Password can be reset normally.

      Actual behavior

      Password can't be reset:

      1. From the GUI, it seems the page just refreshes itself without doing anything
      2. From the F12 developer tools, a 400 error is thrown with this message: 
        The reset password token you have provided has timed out.

      Workaround

      Manually replace the + character in the password reset link with %20 e.g.:

      • Change the link from this: 
        <JIRA_URL>/servicedesk/customer/user/resetpassword?username=first+last&token=<Token>

        to this then reset password normally:

        <JIRA_URL>/servicedesk/customer/user/resetpassword?username=first%20last&token=<Token>

            Assignee:
            Unassigned
            Reporter:
            Andy Nguyen (Inactive)
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: