Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-12359

Changing "Identity Email Field" in "User Query Form" from "mail" to another managed object property throws an error

    Details

      Description

      Summary:
      It is not possible to change the "Identity Email Field" in the User Self Service > Password Reset > User Query Form settings from "mail" to any other managed object property such as "personalEmail"

      Reproduction Steps:
      1.) Install a fresh instance of OpenIDM
      2.) Add a "personalEmail" property under Managed/users
      3.) Add a new managed user and fill out the following fields; userName, givenName, sn, password, mail and personalEmail (make sure to enter different email addresses in the mail and personalEmail fields)
      4.) Configure outbound emails.
      5.) Enable the USER SELF-SERVICE PASSWORD RESET
      6.) Disable security questions as a requirement for password resets
      7.) For the User Query Form set the fields as follows:
      Valid Query Fields: _id, personalEmail, userName
      Identity Id Field: _id
      Identity Email Field: personalEmail
      Identity Username Field: userName
      Next go through the password reset steps using local OpenIDM instance and receive the following error:

      "password reset link is invalid"

      The following is from the audit log from that instance (/openidm/audit/access.audit.json):
      {"roles":["openidm-reg"],"transactionId":"d1ad69a3-ed5b-4475-a179-481e7ab6b292-418225","client":

      {"ip":"0:0:0:0:0:0:0:1","port":57905}

      ,"server":

      {"ip":"0:0:0:0:0:0:0:1","port":8443}

      ,"http":{"request":{"secure":true,"method":"POST","path":"https://localhost:8443/openidm/selfservice/reset","queryParameters":

      {"_action":["submitRequirements"]}

      ,"headers":

      {"Accept":["application/json, text/javascript, */*; q=0.01"],"Accept-API-Version":["protocol=1.0,resource=1.0"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-us"],"Cache-Control":["no-cache"],"Connection":["keep-alive"],"Content-Length":["1344"],"Content-Type":["application/json"],"DNT":["1"],"Host":["localhost:8443"],"Origin":["https://localhost:8443"],"Referer":["https://localhost:8443/"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"],"X-OpenIDM-NoSession":["true"],"X-OpenIDM-Username":["anonymous"],"X-Requested-With":["XMLHttpRequest"]}

      ,"cookies":

      {"i18next":"en-us","login":"openidm-admin"}

      }},"request":{"protocol":"CREST","operation":"ACTION","detail":{"action":"submitRequirements"}},"eventName":"access","userId":"anonymous","response":{"status":"FAILED","statusCode":"400","elapsedTime":21,"elapsedTimeUnits":"MILLISECONDS","detail":{"code":400,"reason":"Bad Request","message":"Password reset link is invalid"}},"timestamp":"2019-01-10T23:38:55.501Z","_id":"d1ad69a3-ed5b-4475-a179-481e7ab6b292-418237"}

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                brmiller Brendan Miller
                Reporter:
                jeremy.barras Jeremy Barras [X] (Inactive)
              • Votes:
                1 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: