This repository was archived by the owner on Feb 12, 2023. It is now read-only.
Description Software and hardware versions
Ubuntu 18.04 x64 on DigitalOcean, Aggregate v2.0.3, Java OpenJDK 1.8.0_212
Problem description
Trying to authenticate as a user that hasn't had a password set for them results in a 500 error.
This actually shows to the user in Collect as a 500 but Briefcase shows the standard "incorrect credentials" error.
Steps to reproduce the problem
I found this playing around in Collect but the easiest way to reproduce is:
Log in as an Admin to Aggregate on the web
Add a new user with just a username - do not set a password
Log out
Log back in as your new user
You'll see a 500 error page.
Expected behavior
Could go a few of ways on this:
Aggregate accepts blank password users and so either ignores the submitted password or matches "". Not sure that's a great idea.
Aggregate doesn't allow the user to create a user without a password - it looks like this would require a slightly different user creation flow.
Aggregate sends a different error back in this case so the user knows they have not been setup correctly.
Other information
Here's the stack trace:
org .springframework .security .authentication .AuthenticationCredentialsNotFoundException : User test does not have a password configured . You must close and re -open your browser to clear this error .
org .opendatakit .common .security .spring .UserDetailsServiceImpl .loadUserByUsername (UserDetailsServiceImpl .java :172 )
org .springframework .security .web .authentication .www .DigestAuthenticationFilter .doFilter (DigestAuthenticationFilter .java :159 )
org .opendatakit .common .security .spring .DigestAuthenticationFilter .doFilter (DigestAuthenticationFilter .java :37 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .opendatakit .common .security .spring .OutOfBandUserFilter .doFilter (OutOfBandUserFilter .java :102 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .opendatakit .common .security .spring .Oauth2ResourceFilter .doFilter (Oauth2ResourceFilter .java :344 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .springframework .security .web .authentication .logout .LogoutFilter .doFilter (LogoutFilter .java :116 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .springframework .security .web .context .SecurityContextPersistenceFilter .doFilter (SecurityContextPersistenceFilter .java :105 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .springframework .security .web .access .channel .ChannelProcessingFilter .doFilter (ChannelProcessingFilter .java :157 )
org .springframework .security .web .FilterChainProxy$VirtualFilterChain .doFilter (FilterChainProxy .java :331 )
org .springframework .security .web .FilterChainProxy .doFilterInternal (FilterChainProxy .java :214 )
org .springframework .security .web .FilterChainProxy .doFilter (FilterChainProxy .java :177 )
org .springframework .web .filter .DelegatingFilterProxy .invokeDelegate (DelegatingFilterProxy .java :346 )
org .springframework .web .filter .DelegatingFilterProxy .doFilter (DelegatingFilterProxy .java :262 )And a screenshot:
Reactions are currently unavailable
Software and hardware versions
Ubuntu 18.04 x64 on DigitalOcean, Aggregate v2.0.3, Java OpenJDK 1.8.0_212
Problem description
Trying to authenticate as a user that hasn't had a password set for them results in a 500 error.
This actually shows to the user in Collect as a 500 but Briefcase shows the standard "incorrect credentials" error.
Steps to reproduce the problem
I found this playing around in Collect but the easiest way to reproduce is:
You'll see a 500 error page.
Expected behavior
Could go a few of ways on this:
Other information
Here's the stack trace:
And a screenshot: