Defect #2453
openServer error during a user registration, because is not possible to set a password policy.
0%
Description
Is not possible to register a new user with properties idm.sec.reg.passwordPolicy="policy Name", idm.pub.reg.passwordInputEnabled=true and idm.pub.reg.attributes.password.attr="password".
Registration works and use default policy only after setting a property idm.pub.reg.passwordInputEnabled=false.
Error:
Forbidden. ({path=/idm/api/v1/authentication/remote-auth, message=Access Denied})
2020-08-25 14:11:21.891 ERROR 89245049 --- [ajp-nio-127.0.0.1-8009-exec-1] e.b.i.c.e.ExceptionControllerAdvice.handle : [3de26996-7c70-4009-a785-ee725e351a26]
java.lang.NullPointerException: null
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.enhancedControlForSimilar(DefaultIdmPasswordPolicyService.java:614)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.validate(DefaultIdmPasswordPolicyService.java:494)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.validate(DefaultIdmPasswordPolicyService.java:211)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService.validate(DefaultIdmPasswordPolicyService.java:206)
at eu.bcvsolutions.idm.core.model.service.impl.DefaultIdmPasswordPolicyService$$FastClassBySpringCGLIB$$f90f724f.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
Updated by Marek Klement over 4 years ago
- Description updated (diff)
- Status changed from New to In Progress
When validation is on (idm.pub.reg.passwordInputEnabled=true), it is called before everything else. So it just takes form attributes and want to validate it with others from identity. Problem is, that no identity exists at this time.
On the other hand when it is off, default password validation is probably called as proccessor dependent on identity save. So it gets all attributes needed.
Best way of fixing this bug is to wait for module refactoring and use some kind of IdmIdentityCreateRequest which will holds all data. But it will need to check password polici separetly from core module as there is used identity object.