search

rero / rero-ils

Integrated Library System flavour of Invenio by RERO+.
http://ils.test.rero.ch
GNU Affero General Public License v3.0
72 stars 27 forks source link

Change password view: problem with certain characters #3405

Closed PascalRepond closed 9 months ago

PascalRepond commented 1 year ago

Bug description:

Trying to change a password with an invalid character raises an error in flask_security UnicodeDecodeError and seems to reset the password or leave it empty, preventing to log in again. (See Sentry RERO-ILS-33R).

Expected behavior:

If I try to change my password to an invalid character that will prevent unicode ASCII decoding, the interface should warn me and prevent me to click save, or at least cancel the password change function and keep the previous password.

Steps to Reproduce:

  1. Log in with any user
  2. Click "change my password"
  3. Enter a new password containing for example character "ë"
  4. See error and see that there is no way to login again with either previous or new password

Context

v1.17.0

PascalRepond commented 1 year ago

Grooming 30.08.2023: We need to see which module creates this problem and maybe open an issue there.

PascalRepond commented 11 months ago

We need to try to update invenio-accounts to at least >=2.0.0 and see if the problem still exists.