mattermost icon indicating copy to clipboard operation
mattermost copied to clipboard
verified publisher icon mattermost

mmctl: create user command does not provide a helpful error message if the password does not comply with settings

Open mattermod opened this issue 3 years ago • 12 comments

In case a provided password does not comply with the PasswordSettings, the error message misleads the user. The error message reads "Login failed because of invalid password." as it sounds like the user tried to login to the server.

The issue could be resolved with updating the translation api.user.check*user_password.invalid.app*error to be more explanatory. And the HTTP StatusCode should be “Bad Request” here: https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/authentication.go#L81 for consistency.

https://github.com/mattermost/mmctl/issues/399

If you're interested please comment here and come join our "Contributors" community channel on our daily build server, where you can discuss questions with community members and the Mattermost core team. For technical advice or questions, please join our "Developers" community channel.

New contributors please see our Developer's Guide.

JIRA: https://mattermost.atlassian.net/browse/MM-39919

mattermod avatar Apr 05 '22 12:04 mattermod

Hello, I would like to take this one, please assign to me.

KevinSJ avatar Apr 07 '22 06:04 KevinSJ

HTTP StatusCode should be “Bad Request” here: https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/authentication.go#L81

Hello, after looking through the code a bit, I believe the description for this issue is not quite right. That part of the code is checking if the password is correct, not whether the password satisfy the set requiremnt -- it is calling https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/users/password.go#L14-L15 which is calling ComparePassword https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/app/users/password.go#L32-L33

Therefore, my conclusion is that this part of the code should be left as is.

My plan for resolving this issue is to modify the following lines: https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/app/user.go#L239-L240

We will need replace the string with the id in the respective error returned from the password validation function: https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/users/password.go#L51-L57 https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/i18n/en.json#L8935-L8941

I'm not sure who to tag specifically, but my understanding on Golang is limited, so would be good if someone can confirm if my understanding and plan before I start?

KevinSJ avatar Apr 15 '22 06:04 KevinSJ

HTTP StatusCode should be “Bad Request” here: https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/authentication.go#L81

Hello, after looking through the code a bit, I believe the description for this issue is not quite right. That part of the code is checking if the password is correct, not whether the password satisfy the set requiremnt -- it is calling

https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/users/password.go#L14-L15

which is calling ComparePassword https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/app/users/password.go#L32-L33

Therefore, my conclusion is that this part of the code should be left as is.

My plan for resolving this issue is to modify the following lines:

https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/app/user.go#L239-L240

We will need replace the string with the id in the respective error returned from the password validation function:

https://github.com/mattermost/mattermost-server/blob/b66fd1f89efa698fba5fc5e1c5dad350fa4f44f2/app/users/password.go#L51-L57

https://github.com/mattermost/mattermost-server/blob/92e647f1b9226d00bf6ac1423b63e822cda88476/i18n/en.json#L8935-L8941

I'm not sure who to tag specifically, but my understanding on Golang is limited, so would be good if someone can confirm if my understanding and plan before I start?

cc @isacikgoz

amyblais avatar Apr 26 '22 14:04 amyblais

Thanks for taking care of this @KevinSJ, the issue doesn't tell the logic is incorrect, we just want the error message to be accurate. And you have a good point on changing the error id in: https://github.com/mattermost/mattermost-server/blob/5bd223c836a71c1148a3b5990fde6f22f2fdc1ed/app/user.go#L240

isacikgoz avatar Apr 29 '22 09:04 isacikgoz

Mind if I give this one a go?

escofresco avatar Dec 01 '23 04:12 escofresco

Surely, @escofresco ! Thanks :+1:

hanzei avatar Dec 01 '23 07:12 hanzei

@escofresco Are you still working on the ticket?

hanzei avatar Mar 25 '24 08:03 hanzei

Yes! Sorry for the delay

escofresco avatar Apr 11 '24 18:04 escofresco

@hanzei So... to move this forward all we have to do is reproduce KevinSJ's PR on the new branch from the current master branch?

TealWater avatar Aug 14 '24 18:08 TealWater

Yes, that would be a great starting point @TealWater :+1:

hanzei avatar Aug 29 '24 11:08 hanzei

@hanzei may I have this assignment

TealWater avatar Aug 30 '24 02:08 TealWater

Sure thing @TealWater :+1:

hanzei avatar Aug 30 '24 04:08 hanzei