  1. OpenAM
  2. OPENAM-9783

json/users changePassword returns the wrong error message with multiple datastores

    Details

    • Needs QA verification:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      An attempt to change a password via json/users can show the error "Identity <user> of type user not found" when multiple datastores are configured.

      Steps to reproduce:
      1. Install OpenAM with embedded config store containing user 'demo'.
      2. Configure a second datastore in the root realm. This datastore should not contain a 'demo' user.
      3. Log in as demo and try to change password through:

      curl 'http://openam.example.com:8080/openam/json/users/demo?_action=changePassword' -H 'Content-Type: application/json' -H 'Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcxEhnezSVV0EJXiKdZxjFV_k4fhwzQs8SQ.*AAJTSQACMDEAAlNLABQtOTE1NjYyNjU2NjI3MTQzMTY2MgACUzEAAA..*' --data-binary '{"username":"demo","currentpassword":"wrongpassword","userpassword":"changeit"}'

      or use http://openam.example.com:8080/openam/XUI/#profile/password
      and when prompted for the current password, enter the wrong one.

      Expected result:
      HTTP 400:

      {"code":400,"reason":"Bad Request","message":"Old password is incorrect."}

      Actual result:
      HTTP 404:

      {"code":404,"reason":"Not Found","message":"Identity demo of type user not found."}

      Another case would be if an OpenDJ password policy was enabled which prevented re-use of old passwords. In this case:

      Expected result:

      {"code":400,"reason":"Bad Request","message":"The provided new password was found in the password history for the user"}

      Actual result:
      HTTP 404:

      {"code":404,"reason":"Not Found","message":"Identity demo of type user not found."}
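
      A regression check for QA verification of the two cases above, as an added example that is not part of the original report or of OpenAM's code: it classifies a captured changePassword response as the expected 400, the masking 404 described in this ticket, or something else. The function name and scenario keys are assumptions made for this example; the first four response bodies are copied from the ticket and the last two are constructed edge cases.

```python
import json

# Expected 400 messages quoted from the ticket; the scenario keys are names
# made up for this example.
EXPECTED = {
    "wrong_current_password": "Old password is incorrect.",
    "password_in_history": "The provided new password was found in the "
                           "password history for the user",
}


def check_change_password(scenario, http_status, body_text):
    """Classify one response: 'expected', 'OPENAM-9783' or 'unexpected: ...'."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return "unexpected: body is not JSON"
    if not isinstance(body, dict):
        return "unexpected: body is not a JSON object"
    code, message = body.get("code"), str(body.get("message", ""))
    if code != http_status:
        return f"unexpected: HTTP {http_status} but body code {code}"
    if http_status == 400 and message == EXPECTED[scenario]:
        return "expected"
    # Symptom from the ticket: a user-lookup 404 replaces the real error.
    if (http_status == 404 and message.startswith("Identity ")
            and message.endswith(" of type user not found.")):
        return "OPENAM-9783"
    return f"unexpected: {http_status} {message!r}"


NOT_FOUND = ('{"code":404,"reason":"Not Found",'
             '"message":"Identity demo of type user not found."}')
# (scenario, HTTP status, body). The first four bodies are from the ticket;
# the last two are constructed edge cases.
SAMPLES = [
    ("wrong_current_password", 400, '{"code":400,"reason":"Bad Request",'
     '"message":"Old password is incorrect."}'),
    ("wrong_current_password", 404, NOT_FOUND),
    ("password_in_history", 400, '{"code":400,"reason":"Bad Request","message":'
     '"The provided new password was found in the password history for the user"}'),
    ("password_in_history", 404, NOT_FOUND),
    ("wrong_current_password", 502, "<html>Bad Gateway</html>"),
    ("wrong_current_password", 400, NOT_FOUND),
]


def run_samples():
    return [check_change_password(*s) for s in SAMPLES]
```

      Calling run_samples() returns one verdict per sample; to check a live server, pass the status and body captured from the curl request above to check_change_password.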

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                andrew.dunn Andrew Dunn [X] (Inactive)