Reputation: 79
I am trying to use the WSO2 Identity Server 5.0.0 UserInformationRecoveryService but it does not appear to properly handle invalid passwords when calling "registerUser()". I would expect the service to return some information informing the client that the password is invalid but instead I get a 500 error and the following exception:
org.wso2.carbon.identity.mgt.stub.UserInformationRecoveryServiceIdentityMgtServiceExceptionException: UserInformationRecoveryServiceIdentityMgtServiceExceptionException
The exception provides no meaningful message.
The wso2carbon log clearly logs the problem as:
"ERROR - Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters {org.wso2.carbon.identity.mgt.IdentityMgtEventListener}"
Shouldn't the SOAP service return some useful information regarding the invalid password? As it is, I cannot assume that the exception thrown is unique to invalid passwords and provide a meaningful message on the client side.
Is this a bug? Is there any way I can get an appropriate message from the soap service?
Thanks. Ben
Upvotes: 2
Views: 265
Reputation: 23
I know this is old, but I just finished setting up this same scenario.
It isn't a bug, exactly. Just their choice of implementation. I agree that out of the box their error messages are lacking. Rather than fiddle with the SOAP response to get an error message to return in this instance, just add some JavaScript text validation on the client side.
<script type="text/javascript">
    // Same character classes as the policy message in the wso2carbon log:
    // a digit, a lowercase letter, an uppercase letter, and one of !@#$%&*
    var re = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])/;

    function doSubmit() {
        var pass = document.getElementById("password").value;
        var confPass = document.getElementById("confirmPassword").value;
        if (pass != confPass) {
            alert('Passwords do not match. Please correct');
        }
        else if (!re.test(pass)) {
            alert('Password must contain at least one lowercase letter, an uppercase letter, a number, and one of (!@#$%&*). Please correct');
        }
        else {
            // Both checks passed; submit the form
            document.getElementById("resetPasswordForm").submit();
        }
    }
</script>
Upvotes: 1
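As an added example (not part of the original answer and not WSO2 code), the same pre-check can report which rule failed instead of one combined message. The rule set is taken from the log message quoted in the question and is an assumption about the configured pattern; `POLICY_RULES`, `failedRules` and `checkRegistration` are hypothetical names.

```javascript
// Added example: per-rule pre-check mirroring the policy text quoted from
// the wso2carbon log in the question. All names here are hypothetical.
const POLICY_RULES = [
  { id: "digit",   test: /[0-9]/,     message: "a digit [0-9]" },
  { id: "lower",   test: /[a-z]/,     message: "a lower case letter [a-z]" },
  { id: "upper",   test: /[A-Z]/,     message: "an upper case letter [A-Z]" },
  { id: "special", test: /[!@#$%&*]/, message: "one of !@#$%&*" },
];

// Returns the ids of every rule the password fails; an empty array means pass.
// Non-string input (null, undefined) is treated as an empty password.
function failedRules(password) {
  const value = typeof password === "string" ? password : "";
  return POLICY_RULES.filter((r) => !r.test.test(value)).map((r) => r.id);
}

// Combines the confirmation check and the policy check into one result
// the form handler can render next to the password field.
function checkRegistration(password, confirmPassword) {
  const errors = [];
  if (password !== confirmPassword) {
    errors.push("Passwords do not match.");
  }
  const failed = failedRules(password);
  if (failed.length > 0) {
    const missing = POLICY_RULES
      .filter((r) => failed.includes(r.id))
      .map((r) => r.message);
    errors.push("Password must contain " + missing.join(", ") + ".");
  }
  return { ok: errors.length === 0, failed, errors };
}

// Constructed sample inputs, not taken from the page.
for (const sample of ["password", "Passw0rd", "Passw0rd!"]) {
  console.log(sample, JSON.stringify(checkRegistration(sample, sample)));
}
```

The server-side listener remains the authoritative check, since a caller can reach the SOAP endpoint without running this script. The client therefore still needs a generic error path for the fault described in the question.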