recover-password API not working correctly when userstore domain is not provided #19181

ShehanDinuka · 2024-01-25T17:10:24Z

Describe the issue:

When userstore domain is not provided for the api/identity/recovery/v0.9/recover-password API, it is throwing an internal server error.

ERROR {org.wso2.carbon.identity.recovery.endpoint.impl.RecoverPasswordApiServiceImpl} - Unable to find an user with username: null/shehand in the system.
[2024-01-25 22:50:21,238] [4be88295-0f4b-4c81-af04-91ae066e47c1] ERROR {org.wso2.carbon.identity.recovery.endpoint.impl.RecoverPasswordApiServiceImpl} - Error occurred in the server while performing the task. org.wso2.carbon.identity.recovery.IdentityRecoveryServerException: Unexpected error
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:100)
	at org.wso2.carbon.identity.recovery.util.Utils.handleServerException(Utils.java:324)
	at org.wso2.carbon.identity.recovery.password.NotificationPasswordRecoveryManager.isExistingUser(NotificationPasswordRecoveryManager.java:218)
	at org.wso2.carbon.identity.recovery.password.NotificationPasswordRecoveryManager.sendRecoveryNotification(NotificationPasswordRecoveryManager.java:122)
	at org.wso2.carbon.identity.recovery.endpoint.impl.RecoverPasswordApiServiceImpl.recoverPasswordPost(RecoverPasswordApiServiceImpl.java:86)
	at org.wso2.carbon.identity.recovery.endpoint.RecoverPasswordApi.recoverPasswordPost(RecoverPasswordApi.java:45)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:172)
	at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107)
	at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:93)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:102)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:140)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.wso2.carbon.extension.identity.x509Certificate.valve.X509CertificateAuthenticationValve.invoke(X509CertificateAuthenticationValve.java:59)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:670)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1794)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:750)
Caused by: org.wso2.carbon.user.core.UserStoreException: Invalid Domain Name
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:218)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.isExistingUser(AbstractUserStoreManager.java:6268)
	at org.wso2.carbon.identity.recovery.password.NotificationPasswordRecoveryManager.isExistingUser(NotificationPasswordRecoveryManager.java:210)
	... 68 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
	at java.security.AccessController.doPrivileged(Native Method)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:204)
	... 70 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.GeneratedMethodAccessor154.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:207)
	... 72 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Invalid Domain Name
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserStoreInternal(AbstractUserStoreManager.java:7305)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.lambda$getUserStore$10(AbstractUserStoreManager.java:7242)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserStore(AbstractUserStoreManager.java:7242)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.isExistingUser(AbstractUserStoreManager.java:6276)
	... 76 more

How to reproduce:

Invoke api/identity/recovery/v0.9/recover-password with below payload.

curl --location 'https://localhost:9443/api/identity/recovery/v0.9/recover-password?type=email&notify=false' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--data '{
  "user": {
    "username": "shehand"
  }
}'

Expected behavior:

Even though userstore domain is not provided, API should work as expected without throwing errors.

Environment information (Please complete the following information; remove any unnecessary fields) :

Product Version: IS 5.11.0
OS: Linux
Database: H2
Userstore: LDAP

Optional Fields

Related issues:

#18637

The text was updated successfully, but these errors were encountered:

RushanNanayakkara · 2024-02-12T08:35:38Z

Closing as completed for the identified product.

ShehanDinuka added the Type/Bug label Jan 25, 2024

This was referenced Jan 26, 2024

Ignore user realm attribute when set to null wso2-extensions/identity-governance#800

Closed

Change implementation for adding user realm to username in password recovery flow. wso2-extensions/identity-governance#803

Closed

RushanNanayakkara mentioned this issue Feb 6, 2024

Change exception thrown when realm not found for a given name and include error code in exception thrown. wso2/carbon-kernel#3846

Open

RushanNanayakkara closed this as completed Feb 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

recover-password API not working correctly when userstore domain is not provided #19181

recover-password API not working correctly when userstore domain is not provided #19181

ShehanDinuka commented Jan 25, 2024 •

edited

Loading

RushanNanayakkara commented Feb 12, 2024

recover-password API not working correctly when userstore domain is not provided #19181

recover-password API not working correctly when userstore domain is not provided #19181

Comments

ShehanDinuka commented Jan 25, 2024 • edited Loading

Optional Fields

RushanNanayakkara commented Feb 12, 2024

ShehanDinuka commented Jan 25, 2024 •

edited

Loading