When trying to utilize the challenge questions connector and recover one of the user's passwords via answering the challenge questions in v7.0.0, the following error occurs.
```
DEBUG {org.wso2.carbon.identity.challenge.questions.recovery.password.SecurityQuestionPasswordRecoveryManager} - No user found for recovery with username: 'TEST.@carbon.super
DEBUG {org.wso2.carbon.identity.challenge.questions.recovery.endpoint.impl.SecurityQuestionApiServiceImpl} - Client Error while initiating password recovery flow using security questions org.wso2.carbon.identity.recovery.IdentityRecoveryClientException: Invalid User 'TEST.'.
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:78)
    at org.wso2.carbon.identity.recovery.util.Utils.handleClientException(Utils.java:373)
    at org.wso2.carbon.identity.challenge.questions.recovery.password.SecurityQuestionPasswordRecoveryManager.verifyUserExists(SecurityQuestionPasswordRecoveryManager.java:926)
    at org.wso2.carbon.identity.challenge.questions.recovery.password.SecurityQuestionPasswordRecoveryManager.initiateUserChallengeQuestion(SecurityQuestionPasswordRecoveryManager.java:127)
    at org.wso2.carbon.identity.challenge.questions.recovery.endpoint.impl.SecurityQuestionApiServiceImpl.securityQuestionGet(SecurityQuestionApiServiceImpl.java:98)
    at org.wso2.carbon.identity.challenge.questions.recovery.endpoint.SecurityQuestionApi.securityQuestionGet(SecurityQuestionApi.java:65)
INFO {com.sun.jersey.api.client.filter.LoggingFilter} - 1 * Client in-bound response
1 < 400
1 < Transfer-Encoding: chunked
1 < Server: WSO2 Carbon Server
1 < X-WSO2-TraceId: b7979a90-0c59-440d-b4a6-72bafefb2d12
1 < Connection: close
1 < Set-Cookie: JSESSIONID=NEWJSESSIONID1234567890; Path=/api; Secure; HttpOnly
1 < Content-Type: application/json
1 <
{"code":"18003","message":"Bad Request","description":"Invalid User 'TEST'.","traceId":"32432-423-440d-423-7452fer2d12"}
DEBUG {org.wso2.carbon.identity.mgt.endpoint.util.client.ApiClient} - Response from the GET request made to url https://localhost:9445/api/identity/recovery/v0.9/security-question?username=%5C%27TEST.&tenant-domain=carbon.super
Response: status=400, statusMessage=Bad Request
```
The above error only occurs when a user having special characters in their username (i.e. "'TEST.") tries to use the challenge question based password recovery method (connector configured via [1]).
Ideally usernames with special characters need to be parsed correctly in the Recover API. This needs to be fixed.
[1] - https://github.com/wso2-extensions/identity-challenge-questions/blob/main/docs/config.md
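A diagnostic check for the request logged above, as an added example that is not part of the original issue or of the WSO2 code base: it percent-decodes the `username` query parameter from the logged URL and compares it with the username quoted in the report. The function names are hypothetical; the URL and username are copied from the issue.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Request URL copied from the ApiClient DEBUG line in the issue.
LOGGED_URL = ("https://localhost:9445/api/identity/recovery/v0.9/security-question"
              "?username=%5C%27TEST.&tenant-domain=carbon.super")
# Username as quoted in the issue text.
REPORTED_USERNAME = "'TEST."


def decoded_param(url, name):
    """Return the percent-decoded value of exactly one query parameter."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True,
                      strict_parsing=True)
    if name not in values or len(values[name]) != 1:
        raise ValueError(f"expected exactly one {name!r} parameter")
    return values[name][0]


def compare_username(url, expected):
    """Compare the username carried by the request with the expected one."""
    sent = decoded_param(url, "username")
    # Walk both strings in order; any character of the sent value that does
    # not line up with the next expected character is reported as extra.
    extra, i = [], 0
    for ch in sent:
        if i < len(expected) and ch == expected[i]:
            i += 1
        else:
            extra.append(ch)
    return {
        "sent": sent,
        "matches": sent == expected,
        "extra_chars": extra,
        # How the expected username looks when percent-encoded with no
        # reserved characters left unescaped.
        "expected_encoding": quote(expected, safe=""),
    }


if __name__ == "__main__":
    for key, value in compare_username(LOGGED_URL, REPORTED_USERNAME).items():
        print(f"{key}: {value!r}")
```

For the logged URL, the decoded parameter is `\'TEST.`, one backslash longer than the reported username, whose own percent-encoding is `%27TEST.`.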