neos
FEATURE: Capture exceptions when creating new user or updating password
This PR replaces #3901.
Upgrade instructions
Creating a user or changing the password will no longer throw an exception with a 500 error page but instead show the error in a flash message. This is done by wrapping UserService::addUser() and UserService::setUserPassword() with a try-catch block.
Review instructions
This PR changes the exception handling when creating new users or updating passwords by wrapping the used methods (UserService::addUser() and UserService::setUserPassword()) inside a try catch block and showing an error message (FlashMessage) if there was an exception.
That way it will be easier to extend Neos and add some password checks without showing a 500 error page in the Neos backend, which is currently the case with JvMTECH.NeosHardening (see jvm-tech/JvMTECH.NeosHardening#2) and maybe others.
With the adjusted code you can add checks to the password through an Aspect and simply throw an exception, if the requirements do not pass.
Checklist
- [x] Code follows the PSR-2 coding style
- [ ] Tests have been created, run and adjusted as needed
- [x] The PR is created against the lowest maintained branch
- [ ] Reviewer - PR Title is brief but complete and starts with
FEATURE|TASK|BUGFIX - [ ] Reviewer - The first section explains the change briefly for change-logs
- [ ] Reviewer - Breaking Changes are marked with
!!!and have upgrade-instructions
