[MacCoss] Issue 50841: Include detail when basic auth password matches but does not meet complexity rules #5692
Description
- Dev work @labkey-adam
- Fix automated tests @labkey-adam
- Test Python client API @labkey-nicka
- Test R client API @labkey-klum
- Valid password which doesn't meet complexity requirements. Server log shows :
failed to login: password does not meet the complexity requirements - However the client is just seeing this message
"exception" : "User does not have permission to perform this operation.". Perhaps still throwingUnauthorizedException?
- Valid password which doesn't meet complexity requirements. Server log shows :
Test scenario:
- Valid credentials
- Bad credentials
- Credentials that match the stored password but are expired
-- Note the Database Authentication "expire every five seconds" option that makes testing this easy - Credentials that match the stored password but don't meet current complexity requirements
-- Reduce complexity requirement
-- Create user and set minimal password
-- Raise complexity requirement
-- Make API call with minimal credentials
-- Verify response includes message about complexity rule and needing to change password
Metadata
Metadata
Assignees
Labels
No labels