Fix Fatal error when changing password when password_policy_history is enabled

Created on 2 August 2024, 5 months ago
Updated 21 August 2024, 4 months ago

Problem/Motivation

A changed in 📌 Fix Validate pipeline Fixed - specifically this change https://git.drupalcode.org/project/password_policy/-/commit/c02ec557f44d... causes a fatal error.

Input bag will never return an array - it throws an exception if the param value is a not a scalar.

This exception is not caught, which means users get a 500 error and can not change their password.

Steps to reproduce

  1. Enabled password_policy_history
  2. Either create/edit user
  3. Change a password through the UI
  4. Get a fatal error
🐛 Bug report
Status

Fixed

Version

4.0

Component

Code

Created by

🇳🇿New Zealand ericgsmith

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @ericgsmith
  • Pipeline finished with Success
    5 months ago
    Total: 228s
    #241157
  • Status changed to Needs review 5 months ago
  • Status changed to RTBC 5 months ago
  • 🇺🇦Ukraine rollins

    I can confirm that changes from the MR make sense here
    It will prevent us to have the fatal error

  • 🇮🇳India ankitv18

    Left a comment otherwise looks good

  • 🇳🇿New Zealand ericgsmith

    Fixed the comment, thanks for spotting that

  • Pipeline finished with Success
    5 months ago
    Total: 215s
    #243765
  • 🇦🇺Australia yeniatencio

    Creating patch based on @ericgsmith as need an urgent solution in the meantime.

  • 🇷🇴Romania Kosa Ilma

    I get the same error, the patch from #9 fixed the error.
    Thank you!

  • 🇮🇳India vishalkhode

    Changes looks good to me. However, If we add test coverage for the same, that would be great.

  • 🇯🇴Jordan Rajab Natshah Jordan

    Facing the same issue.
    Thanks, the MR and patch in #9 are working.

  • First commit to issue fork.
  • Pipeline finished with Success
    5 months ago
    Total: 202s
    #246668
  • Pipeline finished with Success
    5 months ago
    Total: 202s
    #246681
  • Status changed to Needs review 5 months ago
  • Added test coverage in the newly created testPasswordResetBehaviorsUi() as it covers specific scenario, however reused the existing test file as most of code can be leverage from it rather than creating separate test file & applied a super nitpicky :void return on the existing test function as well. Apart form it nothing seems to be left.

    Please review, moving NR

  • Status changed to Needs work 5 months ago
  • 🇮🇳India ankitv18

    Thanks for covering the test but it would be great if it is in password_policy_history sub-module.

  • Thanks for reviewing, kept the test coverage in the main module by considering some couple of things like:

    1. if issue is from the password_policy module itself then still error 'll be caught, no additional code meed to write in that scenario
    2. More or less same code can be leverage as it added in the existing test file from the optimisation perspective

    Any specific concerns/suggestions over it?

  • Status changed to Needs review 5 months ago
  • Status changed to Needs work 5 months ago
  • 🇮🇳India vishalkhode

    @pooja_sharma: Thanks for the adding test coverage, let's not add tests in PasswordResetBehaviorsTest as that test is specifically to validating password reset functionality. And here we want verify password_history functionality, so that it doesn't accept repeated password. Lets see if we can add test coverage for following:

    • Password History constraint works as expected.
    • When user try to provide the same password again from UI, it throws an error.

    For this, we can either update the existing tests i.e PasswordPolicyInterfaceTest.php or we can add a new tests in password_history submodule similar to PasswordCharacterOperationsTest.php

  • Pipeline finished with Success
    5 months ago
    Total: 211s
    #246931
  • Pipeline finished with Success
    5 months ago
    Total: 192s
    #246941
  • Status changed to RTBC 5 months ago
  • 🇮🇳India ankitv18

    Looks good ~~RTBC

  • Thanks @vishalkhode for providing detailed suggestions, chosen the first opt (to update the existing tests i.e PasswordPolicyInterfaceTest.php), as I need to add only minimal single line code for the test coverage along with leverage complete developed code, I believe if similar issue encounter by any other sub-module that can also be cover similarly (test coverage perspective).

  • Pipeline finished with Skipped
    5 months ago
    #247102
  • Status changed to Fixed 5 months ago
  • 🇮🇳India vishalkhode

    Thanks @pooja_sharma, changes looks good to me. Verified and it's seems to be working fine. However, I also noticed that we don't have test coverage which checks for Password Policy history constraint, but that's fine, we can create a separate ticket for it and fix it there. Hence, merged.
    Thanks everyone for working on this.

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024