Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-60180

Wrong error messages displayed when resetting password

    Details

      Description

      Wrong error messages displayed when resetting password. The cause of this is that the ticket attribute is not always being set in the request. When the ticket attribute is not set and returns null, the wrong error messages will be displayed.

      *Note that there are two different steps to reproduce.

      Steps to Reproduce:

      Test 1:

      1. Setup Mail configuration settings in System Configuration.
      2. Create a new user account with valid email. Sign-out.
      3. Click on the "Forgot password?" link on the Sign In portlet on the home page.
      4. In the "Forgot password?" screen fill the registered email and captcha. Click on the "Send New Password" button.
      5. An email is received to the registered email containing the password reset link.
      6. Click the link and fill in the "Password" and "Please repeat your entry" fields with different values. Click "Save".

      Expected Result: Error message displayed: "The passwords you entered do not match. Please re-enter your password."
      Actual Result: Error message displayed: "Your password reset link is no longer valid. Request a new password reset link."

      Test 2:

      1. Login as Administrator. In Control Panel, go to Password Policies and click on the Default Password Policy. Check "Syntax Checking Enabled" under the Password Syntax Checking section (if it is not checked).
      2. Logout and perform the first 3 steps from test 1.
      3. Click the link and fill the "Password" and "Please repeat your entry" with values that are exactly the same but length is less than 6 (default Liferay minimum length is 6). Click "Save".

      Expected Result: Error message displayed: "That password is too short (or too long). Please make sure your password is between 6 and 512 characters."
      Actual Result: Error message displayed: "Your password reset link is no longer valid. Request a new password reset link."

      At the time of this ticket creation, the functionality of resetting a password is broken in master. However the code is the same, so the fix will be submitted for master and ee-6.2.x.

        Attachments

        1. fixed1.png
          fixed1.png
          20 kB
        2. fixed2.png
          fixed2.png
          20 kB
        3. reproduced1.png
          reproduced1.png
          17 kB

          Issue Links

            Activity

              People

              Assignee:
              hong.zhao Hong Zhao
              Reporter:
              dustin.ryerson Dustin Ryerson (Inactive)
              Participants of an Issue:
              Recent user:
              Sharry Shi
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                3 years, 37 weeks, 5 days ago

                  Packages

                  Version Package
                  6.2.X EE
                  7.0.0 Alpha 3