Details
-
Bug
-
Resolution: Cannot Reproduce
-
Major
-
None
-
7.4.3
-
None
-
Chrome 51
-
Unknown
-
Description
1. Open the login form http://localhost:8080/xwiki/bin/login/XWiki/XWikiLogin?xredirect=%2Fxwiki%2Fbin%2Fview%2FXWiki%2FResetPassword .
2. Click on ''Forgot password"
3. Type the Username and click Reset Password
4. Go to your email and click on the reset link.
5.Change the password.
6. After you`ve been changed the Admin`s password, go again into the reset password email and click on the link.
Actual result:
- You are redirected to Reset your password page
- On this page you see this error:
Failed to execute the [velocity] macro. Click on this message for details. org.xwiki.rendering.macro.MacroExecutionException: Failed to evaluate Velocity Macro for content [#** This page completes the password reset procedure. It works according to the next algorithm: 1. Verify that the correct verification URL is entered, by checking the 'u' and 'v' request parameters against the existing ResetPasswordRequest objects 2. Display a form requesting the new password 3. When receiving the new password via form submission, update the user object with the new password, and remove the ResetPasswordRequest object URL parameters: u = user account in the verification URL v = random verification string p = the new password p2 = the new password (for misspelling check) !!!!! IMPORTANT !!!!! This document requires programming rights, so always make sure it is saved by a user with programming rights, and that it is secured against unprivileged editing. *### ## ## ## The name of the class used for storing password reset verification data. #set ($verifClass = 'XWiki.ResetPasswordRequestClass') ## ## START MACROS ## #** * Encrypt a string to get the value that would be stored inside a PasswordProperty field. * It is used to check if the unencrypted parameter from the URL is the value stored in the * ResetPasswordRequest object. * @param value The plaintext value to encrypt. * @param storedValue The current value stored in the ResetPasswordRequest object. * @param result The encrypted output. *# #macro(encrypt $value $storedValue $result) #set ($encryptedValue = $xwiki.getClass($verifClass).getXWikiClass().get('verification').getEquivalentPassword($storedValue, $value)) #setVariable("$result", $encryptedValue) #end ## ## #** * Verify that the request parameters are valid. * @param userName The user name (full document name) received in the URL. * @param validationString The unencrypted key that is stored in the ResetPasswordRequestClass object. * @param result A boolean where the validation result is returned. True if the request is valid, false otherwise. *# #macro(verifyRequest $userName $validationString $isValid) #set ($isValid = false) #if ($validationString != '' && $userName != '') #set ($storedValidationString = $!xwiki.getDocumentAsAuthor($userName).getObject($verifClass).getValue('verification')) #encrypt($validationString, $storedValidationString, $encryptedValidationString) #if ($storedValidationString == $encryptedValidationString) #set ($isValid = true) #end #end #end ## ## #** * Displays the password reset form. * @param message An optional message to display, for example if the sent password is empty. * @param u The user account (full document name), which needs to be preserved. * @param v The validation string, which will be checked again upon receiving the form. *### #macro(displayForm $message $userName $validationString) #if ($message != '') {{warning}}$message{{/warning}} #end {{html}} <form action="$doc.getURL()" method="post" class="xform third" onsubmit="if($('p').value == '') {alert('$services.localization.render("xe.admin.passwordReset.step2.error.emptyPassword")'); return false;} else if($('p').value != $('p2').value) {alert('$services.localization.render("xe.admin.passwordReset.step2.error.verificationMismatch")'); return false; }"> <div class="hidden"> <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> <input type="hidden" name="u" value="$!escapetool.xml($userName)"/> <input type="hidden" name="v" value="$!escapetool.xml($validationString)"/> </div> <dl> <dt><label for="p">$services.localization.render('xe.admin.passwordReset.step2.newPassword.label')</label></dt> <dd><input id="p" type="password" name="p" value="" size="20"/></dd> <dt><label for="p2">$services.localization.render('xe.admin.passwordReset.step2.newPasswordVerification.label')</label></dt> <dd><input id="p2" type="password" value="" name="p2" size="20"/></dd> </dl> <div class="buttons"> <span class="buttonwrapper"><input type="submit" value="$services.localization.render('xe.admin.passwordReset.step2.submit')" class="button"/></span> </div> </form> {{/html}} #end ## ## END MACROS ## ## #set ($userName = "$!request.u") #set ($validationString = "$!request.v") #set ($password = "$!request.p") #set ($password2 = "$!request.p2") #verifyRequest($userName $validationString $isValid)] at org.xwiki.rendering.internal.macro.velocity.VelocityMacro.evaluateString(VelocityMacro.java:131) at org.xwiki.rendering.internal.macro.velocity.VelocityMacro.evaluateString(VelocityMacro.java:50) at org.xwiki.rendering.macro.script.AbstractScriptMacro.evaluateBlock(AbstractScriptMacro.java:286) at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:182) at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:58) at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:269) at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183) at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:95) at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:263) at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:131) at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:58) at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96) at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39) at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123) at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52) at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68) at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42) at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1173) at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1136) at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1188) at com.xpn.xwiki.api.Document.getRenderedContent(Document.java:692) at sun.reflect.GeneratedMethodAccessor375.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567) at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71) at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:106) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.xwiki.velocity.introspection.TryCatchDirective.render(TryCatchDirective.java:72) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:256) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:198) at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:725) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:626) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:604) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:570) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:556) at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:65) at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:1900) at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:1878) at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:821) at sun.reflect.GeneratedMethodAccessor176.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:256) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:198) at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:725) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:626) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:604) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:570) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:556) at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:65) at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:1900) at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:1878) at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:821) at sun.reflect.GeneratedMethodAccessor176.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:106) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:256) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:198) at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:725) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:626) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:604) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:570) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:556) at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:65) at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:1900) at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:180) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:446) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:193) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:115) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at com.xpn.xwiki.plugin.webdav.XWikiDavFilter.doFilter(XWikiDavFilter.java:66) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:137) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745) Caused by: org.xwiki.velocity.XWikiVelocityException: Failed to evaluate content with id [xwiki:XWiki.ResetPasswordComplete] at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:224) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:198) at org.xwiki.rendering.internal.macro.velocity.VelocityMacro.evaluateString(VelocityMacro.java:124) ... 148 more Caused by: org.apache.velocity.exception.MethodInvocationException: Invocation of method 'getEquivalentPassword' in class com.xpn.xwiki.objects.classes.PasswordClass threw exception java.lang.NullPointerException at 66:xwiki:XWiki.ResetPasswordComplete[line 37, column 90] at org.apache.velocity.runtime.parser.node.ASTMethod.handleInvocationException(ASTMethod.java:243) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:187) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567) at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71) at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311) at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:256) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) ... 150 more Caused by: java.lang.NullPointerException at com.xpn.xwiki.objects.classes.PasswordClass.getEquivalentPassword(PasswordClass.java:203) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) ... 169 more
Expected result:
- The reset link from the email shouldn`t be valid any more. It should expire after a time you accessed it for the 1 st time.
