Demote logging about invalid password reset to WARN #6382

Merged
merged 1 commit into from
Feb 26, 2025
24 changes: 11 additions & 13 deletions core/src/org/labkey/core/login/LoginController.java
Expand Up @@ -377,9 +377,9 @@ public ModelAndView getView(RegisterForm form, BindException errors)
config.setIncludeLoginLink(false);
config.setIncludeSearch(false);

JspView jsp = new JspView("/org/labkey/core/login/register.jsp");
JspView<?> jsp = new JspView<>("/org/labkey/core/login/register.jsp");

WebPartView view = ModuleHtmlView.get(ModuleLoader.getInstance().getCoreModule(), "register");
WebPartView<?> view = ModuleHtmlView.get(ModuleLoader.getInstance().getCoreModule(), "register");
view.setFrame(WebPartView.FrameType.NONE);
jsp.setView("registerView", view);
return jsp;
Expand Down Expand Up @@ -841,13 +841,13 @@ private Pair<Boolean, String> attemptReset(String rawEmail, String providerName)

if (null == user)
{
_log.error("Password reset attempted for an email that doesn't match an existing account: " + email);
_log.warn("Password reset attempted for an email that doesn't match an existing account: {}", email);
return resetPasswordResponse(user, null, null);
}

if (!LoginManager.loginExists(user))
{
_log.error("Password reset attempted for an account that doesn't have a password: " + email);
_log.warn("Password reset attempted for an account that doesn't have a password: {}", email);
return resetPasswordResponse(user, "You cannot reset the password for your account because it doesn't have a password. This usually means you log in via LDAP or single sign-on. Contact a server administrator if you have questions.", "Reset Password failed: " + email + " does not have a password");
}

Expand Down Expand Up @@ -1003,7 +1003,7 @@ public Object execute(LoginForm form, BindException errors)
@RequiresNoPermission
@IgnoresTermsOfUse
@AllowedDuringUpgrade
public static class GetRegistrationConfigApiAction extends ReadOnlyApiAction
public static class GetRegistrationConfigApiAction extends ReadOnlyApiAction<Object>
{
@Override
public Object execute(Object o, BindException errors)
Expand Down Expand Up @@ -1033,7 +1033,7 @@ public Object execute(AgreeToTermsForm form, BindException errors)
}
}

private HttpView showLogin(LoginForm form, BindException errors, HttpServletRequest request, PageConfig page)
private HttpView<?> showLogin(LoginForm form, BindException errors, HttpServletRequest request, PageConfig page)
{
String email = form.getEmail();

Expand Down Expand Up @@ -1072,7 +1072,7 @@ else if (isAdminOnlyMode())
else if (request.getParameter("_skipAutoRedirect") == null)
{
// see if any of the SSO auth providers are set to autoRedirect from the login action
SSOAuthenticationConfiguration ssoAuthenticationConfiguration = AuthenticationManager.getAutoRedirectSSOAuthConfiguration();
SSOAuthenticationConfiguration<?> ssoAuthenticationConfiguration = AuthenticationManager.getAutoRedirectSSOAuthConfiguration();
if (ssoAuthenticationConfiguration != null)
return HttpView.redirect(ssoAuthenticationConfiguration.getLinkFactory().getURL(form.getReturnURLHelper(), form.getSkipProfile()));
}
Expand All @@ -1082,22 +1082,20 @@ else if (request.getParameter("_skipAutoRedirect") == null)
page.setIncludeSearch(false);
page.setTitle("Sign In");

WebPartView view = getLoginView(errors);

vBox.addView(view);
vBox.addView(getLoginView(errors));

return vBox;
}

private WebPartView getLoginView(BindException errors)
private WebPartView<?> getLoginView(BindException errors)
{
// Get the login page specified by controller-action in the Look and Feel Settings
// This is placed in showLogin() instead of the getLoginURL() to ensure that the logic above
// regarding 'server upgrade' and 'server startup' is executed regardless of the custom login action the user specified.
String loginController = "login";
String loginAction = "login";
String customLogin = StringUtils.trimToNull(LookAndFeelProperties.getInstance(getContainer()).getCustomLogin());
WebPartView view = null;
WebPartView<?> view = null;
if (null != customLogin)
{
ActionURL url = new ActionURL(customLogin);
Expand Down Expand Up @@ -1968,7 +1966,7 @@ protected String getTitle()
@Override
protected Supplier<String> getSuccessMessageSupplier(SetPasswordForm form)
{
return () -> form.getMessage();
return form::getMessage;
}

@Override
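Review bot: The two new `_log.warn(...)` calls in attemptReset still write the requester-supplied address into the server log on a path any anonymous caller can reach, so the logged value is attacker-influenced. `email` is built from `rawEmail` above the hunk; if that parsing does not already reject control characters such as CR/LF, the value should be sanitized before it is logged. Because these two lines are the main trace of reset probing against unknown accounts, I would add a comment above them such as `// WARN, not ERROR: any anonymous request can trigger this and it is not a server fault; keep in monitored logs to spot reset probing`, so the level is not lowered further or filtered out later. The adjacent unchanged line passes a distinct message when the account has no password; whether that text reaches the requester is not visible here, but if it does, it lets a caller tell existing accounts from unknown ones. attemptReset's body starts and ends outside the hunk.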