[magnolia-dev] [JIRA] (MGNLPUR-138) TokenPasswordProcessor does not check if the user has an actual token

[JIRA (on behalf of Christian Ringele)]

Christian Ringele created MGNLPUR-138 TokenPasswordProcessor does not check if the user has an actual token Issue Type: Bug Affects Versions: 2.3.1 Assignee: Unassigned Created: 11/Aug/14 2:01 PM Description: No check is done to see if the user actually has a token. If the user has no token (e.g. because the password change functionality has already been used; e.g. the user clicks on the change password link twice) you get an ugly null pointer. We added this in our TokenPasswordProcessor. See code below. The error messages (which are shown to the end-user) are hardcoded. i18n messages should really be used. I think it would be good to add this to the Magnolia TokenPasswordProcessor class? // not present in Magnolia's TokenPasswordProcessor // check if user's token is present at all; if we don't do this and the token is not present // we get an ugly nullpointer later on if (null == user.getProperty("token")) { throw new FormProcessorFailedException("No 'password change token' is present in the current user session. " + "Maybe you have already changed your password? Should you want to change your password again then please " + "request a new password reset."); } Project: Magnolia Public User Registration Labels: support Priority: Neutral Reporter: Christian Ringele

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

---

----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------