Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change password view: problem with certain characters #3405

Closed
PascalRepond opened this issue Jul 13, 2023 · 2 comments · Fixed by #3550
Closed

Change password view: problem with certain characters #3405

PascalRepond opened this issue Jul 13, 2023 · 2 comments · Fixed by #3550
Labels
bug Breaks something but is not blocking client request Issue reported by production libraries

Comments

@PascalRepond
Copy link
Contributor

PascalRepond commented Jul 13, 2023
edited
Loading

Bug description:

Trying to change a password with an invalid character raises an error in flask_security UnicodeDecodeError and seems to reset the password or leave it empty, preventing to log in again. (See Sentry RERO-ILS-33R).

Expected behavior:

If I try to change my password to an invalid character that will prevent unicode ASCII decoding, the interface should warn me and prevent me to click save, or at least cancel the password change function and keep the previous password.

Steps to Reproduce:

  1. Log in with any user
  2. Click "change my password"
  3. Enter a new password containing for example character "ë"
  4. See error and see that there is no way to login again with either previous or new password

Context

v1.17.0
@PascalRepond PascalRepond added the bug Breaks something but is not blocking label Jul 13, 2023
@PascalRepond PascalRepond added the client request Issue reported by production libraries label Jul 13, 2023
@PascalRepond PascalRepond changed the title Change password view Change password view: problem with certain characters Jul 13, 2023
@PascalRepond PascalRepond moved this from Inbox to Product Backlog in RERO ILS issues Jul 24, 2023
@PascalRepond PascalRepond moved this from Product Backlog to Inbox in RERO ILS issues Aug 9, 2023
@PascalRepond PascalRepond moved this from Inbox to Product Backlog in RERO ILS issues Aug 9, 2023
@PascalRepond
Copy link
Contributor Author

Grooming 30.08.2023: We need to see which module creates this problem and maybe open an issue there.

@PascalRepond
Copy link
Contributor Author

We need to try to update invenio-accounts to at least >=2.0.0 and see if the problem still exists.

@PascalRepond PascalRepond moved this from Product Backlog to Inbox in RERO ILS issues Nov 16, 2023
jma added a commit to jma/rero-ils that referenced this issue Dec 13, 2023
@rerowep @jma
user: uses invenio access profile
0df5743 
* Replaces invenio-userprofile by the invenio access profile.
* Updates several packages.
* Moves `login_user_via_session` fonction in the tests as some problems
  occurs when a session merge is called between this function and the http
  request.
* Removes useless babel mock in the tests.
* Moves username from the invenio userprofile to the main user database.
* Adds a record constructor for a record `replace_refs` as it is not
  done anymore by invenio.
* Adds tests to check the existance of `_updated` and `_created` in the
  document index.
* Removes document types for elasticsearch operations.
* Adds marshmalow schema for user profile.
* Uses node 16 for the production images.
* Updates dependencies for Flask2.
* Corrects problems from newer modules.
* Closes rero#3405.

Co-Authored-by: Peter Weber <[email protected]>
Co-Authored-by: Johnny Mariéthoz <[email protected]>
@PascalRepond PascalRepond mentioned this issue Dec 14, 2023
Merged
@PascalRepond PascalRepond moved this from Inbox to Approved in RERO ILS issues Dec 14, 2023
jma added a commit to jma/rero-ils that referenced this issue Dec 19, 2023
@rerowep @jma
user: uses invenio access profile
da66c64 
* Replaces invenio-userprofile by the invenio access profile.
* Updates several packages.
* Moves `login_user_via_session` fonction in the tests as some problems
  occurs when a session merge is called between this function and the http
  request.
* Removes useless babel mock in the tests.
* Moves username from the invenio userprofile to the main user database.
* Adds a record constructor for a record `replace_refs` as it is not
  done anymore by invenio.
* Adds tests to check the existance of `_updated` and `_created` in the
  document index.
* Removes document types for elasticsearch operations.
* Adds marshmalow schema for user profile.
* Uses node 18 for the production images.
* Updates dependencies for Flask2.
* Corrects problems from newer modules.
* Closes rero#3405.

Co-Authored-by: Peter Weber <[email protected]>
Co-Authored-by: Johnny Mariéthoz <[email protected]>
jma added a commit to jma/rero-ils that referenced this issue Dec 21, 2023
@rerowep @jma
user: uses invenio access profile
ad887f4 
* Replaces invenio-userprofile by the invenio access profile.
* Updates several packages.
* Moves `login_user_via_session` fonction in the tests as some problems
  occurs when a session merge is called between this function and the http
  request.
* Removes useless babel mock in the tests.
* Moves username from the invenio userprofile to the main user database.
* Adds a record constructor for a record `replace_refs` as it is not
  done anymore by invenio.
* Adds tests to check the existance of `_updated` and `_created` in the
  document index.
* Removes document types for elasticsearch operations.
* Adds marshmalow schema for user profile.
* Uses node 18 for the production images.
* Updates dependencies for Flask2.
* Corrects problems from newer modules.
* Closes rero#3405.

Co-Authored-by: Peter Weber <[email protected]>
Co-Authored-by: Johnny Mariéthoz <[email protected]>
@jma jma closed this as completed in #3550 Dec 21, 2023
jma added a commit that referenced this issue Dec 21, 2023
@rerowep @jma
user: uses invenio access profile
9338171 
* Replaces invenio-userprofile by the invenio access profile.
* Updates several packages.
* Moves `login_user_via_session` fonction in the tests as some problems
  occurs when a session merge is called between this function and the http
  request.
* Removes useless babel mock in the tests.
* Moves username from the invenio userprofile to the main user database.
* Adds a record constructor for a record `replace_refs` as it is not
  done anymore by invenio.
* Adds tests to check the existance of `_updated` and `_created` in the
  document index.
* Removes document types for elasticsearch operations.
* Adds marshmalow schema for user profile.
* Uses node 18 for the production images.
* Updates dependencies for Flask2.
* Corrects problems from newer modules.
* Closes #3405.

Co-Authored-by: Peter Weber <[email protected]>
Co-Authored-by: Johnny Mariéthoz <[email protected]>
@github-project-automation github-project-automation bot moved this from Approved to Done in RERO ILS issues Dec 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Breaks something but is not blocking client request Issue reported by production libraries
Projects
RERO ILS issues
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

user: uses invenio access profile jma/rero-ils
1 participant
@PascalRepond