Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-16831

Reset password should not allow empty passwords (which can prevent the user to login anymore on the wiki)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.11.9, 11.3.5, 11.9
    • Fix Version/s: 10.11.10, 11.3.7
    • Component/s: None
    • Labels:
      None
    • Environment:
      Windows 10 Pro 64 bit, Firefox 70, using a local instance of XWiki 11.9 on Oracle 12c
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      Preconditions: an user U1 already exists and has a valid email set on its profile.

      STEPS TO REPRODUCE

      1. Click on Drawer, Login
      2. Click 'Forgot your password'
      3. Fill the username
      4. Click 'Reset password'
      5. Click on the link from the email received by the user
      6. Fill some empty spaces on the 'New Password' and 'Re-enter New Password' fields
      7. Click 'Save'

      EXPECTED RESULTS

      A hint is displayed below the 'New Password' and 'Re-enter New Password' fields informing the user that the password cannot be empty (warning like 'Password cannot contain only empty spaces').

      ACTUAL RESULTS

      The password is saved with empty spaces. Furthermore, the user cannot login on the wiki anymore, as it gets:

      Error: No password given

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                surli Simon Urli
                Reporter:
                iandriuta Ilie Andriuta
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: