wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Intermittent Server Failed Error is thrown when recaptcha configured with security question based password recovery #4969

Closed ShanikaWickramasinghe closed 4 weeks ago

ShanikaWickramasinghe commented 5 years ago

Suggested Labels: Affected: 5.8.0-alpha5; Severity: Major; Priority: High; Component: Password Recovery; Type-Bug

Environment: Linux, Embedded LDAP UserStore

Steps to Reproduce the issue

  1. Followed [1] and enabled reCaptcha
  2. Configured reCaptcha for security-question-based password recovery [2] and set some questions for password recovery as in [3]
  3. Added a user and assigned the default admin role
  4. Accessed the dashboard
  5. Clicked on Forgot password
  6. Entered the created user's username, selected the option "recover with security questions" and clicked on the reCaptcha "I am not a robot"
  7. Selected the pictures as given in the reCaptcha
  8. Clicked submit
  9. The security questions page is displayed
  10. Typed 3 wrong answers (Max Failed Attempts for ReCaptcha = 2 and Maximum Failed Login Attempts = 5)
  11. The reCaptcha window is shown
  12. Exited from the dashboard
  13. In a new incognito window, accessed the dashboard again and repeated the above steps

Observation: When you come to the recovery-question page, even without attempting any wrong answers, you get the reCaptcha window as soon as the page loads, as in the attached image. It seems it keeps the earlier attempts' results, and the 2nd process starts from where the user exited the system in the 1st attempt. The exception below is also observed intermittently in similar situations.

[2019-04-05 15:21:39,136]  INFO {org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder} -  Initializing of policy store is finished at :  Fri Apr 05 15:21:39 IST 2019
[2019-04-05 15:21:39,154]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2019-04-05 15:21:39,153+0530]
[2019-04-05 15:34:29,480]  WARN {org.wso2.carbon.identity.captcha.filter.CaptchaFilter} -  Captcha validation failed for the user. Cause : reCaptcha response is not available in the request.
[2019-04-05 15:34:29,505] ERROR {com.sun.jersey.api.client.ClientResponse} -  A message body reader for Java class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and Java type class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and MIME media type text/html;charset=UTF-8 was not found
[2019-04-05 15:34:29,505] ERROR {com.sun.jersey.api.client.ClientResponse} -  The registered message body readers compatible with the MIME media type are:
*/* ->
  com.sun.jersey.core.impl.provider.entity.FormProvider
  com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
  com.sun.jersey.core.impl.provider.entity.StringProvider
  com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
  com.sun.jersey.core.impl.provider.entity.FileProvider
  com.sun.jersey.core.impl.provider.entity.InputStreamProvider
  com.sun.jersey.core.impl.provider.entity.DataSourceProvider
  com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
  com.sun.jersey.core.impl.provider.entity.ReaderProvider
  com.sun.jersey.core.impl.provider.entity.DocumentProvider
  com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
  com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
  com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
  com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
  com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
  com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
  com.sun.jersey.core.impl.provider.entity.EntityHolderReader
  com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider

[2019-04-05 15:34:29,510] ERROR {org.apache.catalina.core.StandardWrapperValve} -  Servlet.service() for servlet [processsecurityquestions.do] in context with path [/accountrecoveryendpoint] threw exception [An exception occurred processing JSP page /challenge-question-process.jsp at line 111

108:         try {
109:             SecurityQuestionApi securityQuestionApi = new SecurityQuestionApi();
110:             InitiateQuestionResponse initiateQuestionResponse =
111:                     securityQuestionApi.validateAnswerPost(answerVerificationRequest, requestHeaders);
112: 
113:             if ("validate-answer".equalsIgnoreCase(initiateQuestionResponse.getLink().getRel())) {
114:                 session.setAttribute("initiateChallengeQuestionResponse", initiateQuestionResponse);

Stacktrace:] with root cause
com.sun.jersey.api.client.ClientHandlerException: A message body reader for Java class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and Java type class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and MIME media type text/html;charset=UTF-8 was not found
    at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:630)
    at com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:604)
    at org.wso2.carbon.identity.mgt.endpoint.client.ApiClient.invokeAPI(ApiClient.java:520)
    at org.wso2.carbon.identity.mgt.endpoint.client.api.SecurityQuestionApi.validateAnswerPost(SecurityQuestionApi.java:284)
    at org.apache.jsp.challenge_002dquestion_002dprocess_jsp._jspService(challenge_002dquestion_002dprocess_jsp.java:214)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:472)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:65)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1137)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1780)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1739)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
[2019-04-05 15:39:38,454]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'admin@carbon.super [-1234]' logged in at [2019-04-05 15:39:38,454+0530]
[2019-04-05 15:47:49,548]  WARN {org.wso2.carbon.identity.captcha.filter.CaptchaFilter} -  Captcha validation failed for the user. Cause : reCaptcha response is not available in the request.
[2019-04-05 15:47:49,557] ERROR {com.sun.jersey.api.client.ClientResponse} -  A message body reader for Java class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and Java type class org.wso2.carbon.identity.mgt.endpoint.client.model.InitiateQuestionResponse, and MIME media type text/html;charset=UTF-8 was not found
[2019-04-05 15:47:49,557] ERROR {com.sun.jersey.api.client.ClientResponse} -  The registered message body readers compatible with the MIME media type are:
*/* ->
  com.sun.jersey.core.impl.provider.entity.FormProvider
  com.sun.jersey.core.impl.provider.entity.MimeMultipartProvider
  com.sun.jersey.core.impl.provider.entity.StringProvider
  com.sun.jersey.core.impl.provider.entity.ByteArrayProvider
  com.sun.jersey.core.impl.provider.entity.FileProvider
  com.sun.jersey.core.impl.provider.entity.InputStreamProvider
  com.sun.jersey.core.impl.provider.entity.DataSourceProvider
  com.sun.jersey.core.impl.provider.entity.XMLJAXBElementProvider$General
  com.sun.jersey.core.impl.provider.entity.ReaderProvider
  com.sun.jersey.core.impl.provider.entity.DocumentProvider
  com.sun.jersey.core.impl.provider.entity.SourceProvider$StreamSourceReader
  com.sun.jersey.core.impl.provider.entity.SourceProvider$SAXSourceReader
  com.sun.jersey.core.impl.provider.entity.SourceProvider$DOMSourceReader
  com.sun.jersey.core.impl.provider.entity.XMLRootElementProvider$General
  com.sun.jersey.core.impl.provider.entity.XMLListElementProvider$General
  com.sun.jersey.core.impl.provider.entity.XMLRootObjectProvider$General
  com.sun.jersey.core.impl.provider.entity.EntityHolderReader
  com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider

(Attached screenshots: recaptcha1, recaptcha3, recptcha4, recaptcha6)

[1] https://docs.wso2.com/display/IS580/Setting+Up+ReCaptcha
[2] https://docs.wso2.com/display/IS580/Configuring+Google+reCaptcha+for+Security-Question+Based+Password+Recovery
[3] https://docs.wso2.com/display/IS540/Password+Recovery+Using+Challenge+Questions
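The logs above show two things worth separating: the captcha filter rejects the answer request because no reCaptcha response is present ("reCaptcha response is not available in the request"), and the rejection is served as text/html, which the account-recovery JSP's Jersey client then tries to deserialise into InitiateQuestionResponse and fails. The observation that a fresh incognito session starts with the captcha already showing is consistent with the failed-attempt counter being kept per user on the server rather than per browser session. The Python model below is an added example, not WSO2 code: it tracks failures per user, gates the endpoint behind a captcha token once the threshold is reached, and adds the client-side content-type check the JSP lacks so that an HTML reply fails with a clear error instead of a missing message body reader. The class and function names, the "set-password" rel and the HTML body are assumptions; the thresholds are the ones quoted in the issue.

```python
"""Model of a per-user failed-attempt counter gating a security-question
endpoint behind reCaptcha, plus a client that refuses to parse non-JSON.
Constructed example; not part of WSO2 Identity Server."""
import json
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS_FOR_RECAPTCHA = 2   # value quoted in the issue
MAX_FAILED_LOGIN_ATTEMPTS = 5           # value quoted in the issue


@dataclass
class RecoveryService:
    """Server side. `failed` is keyed by username, not by session, so a
    new browser window for the same user inherits the count."""
    answers: dict                                   # username -> answer (constructed)
    failed: dict = field(default_factory=dict)      # username -> failed count

    def captcha_required(self, user):
        return self.failed.get(user, 0) >= MAX_FAILED_ATTEMPTS_FOR_RECAPTCHA

    def validate_answer(self, user, answer, captcha_response=None):
        """Return (status, content_type, body) the way an HTTP endpoint would."""
        if self.failed.get(user, 0) >= MAX_FAILED_LOGIN_ATTEMPTS:
            return 403, "application/json", json.dumps({"code": "account-locked"})
        if self.captcha_required(user) and not captcha_response:
            # The filter short-circuits before the JSON API runs. In the
            # issue's logs this reply carried text/html, not JSON (assumed body).
            return 403, "text/html;charset=UTF-8", "<html>captcha required</html>"
        if answer == self.answers.get(user):
            self.failed.pop(user, None)             # success resets the counter
            return 200, "application/json", json.dumps({"link": {"rel": "set-password"}})
        self.failed[user] = self.failed.get(user, 0) + 1
        return 401, "application/json", json.dumps({"link": {"rel": "validate-answer"}})


class UnexpectedContentType(Exception):
    """Raised instead of letting a JSON reader choke on an HTML page."""


def is_api_reply(content_type):
    """True only for application/json, ignoring charset parameters."""
    return content_type.split(";")[0].strip().lower() == "application/json"


def parse_validate_answer(status, content_type, body):
    """Client side: check Content-Type before deserialising, the step
    the JSP skips when it calls validateAnswerPost()."""
    if not is_api_reply(content_type):
        raise UnexpectedContentType(
            f"HTTP {status} with {content_type}: captcha or error page, not an API reply")
    return json.loads(body)


def reproduce():
    """Replay the issue's steps: 3 wrong answers, then a new session."""
    svc = RecoveryService(answers={"alice": "blue"})   # constructed user
    # Session 1: three wrong answers; the third hits the captcha gate.
    session1 = [svc.validate_answer("alice", "red")[0] for _ in range(3)]
    # Session 2: fresh incognito window, same user. The counter lives on
    # the server, so the first request already needs a captcha token.
    no_captcha = svc.validate_answer("alice", "blue")[0]
    with_captcha = svc.validate_answer("alice", "blue", captcha_response="token")[0]
    return {"session1": session1,
            "session2_no_captcha": no_captcha,
            "session2_with_captcha": with_captcha}


if __name__ == "__main__":
    print(reproduce())
    svc = RecoveryService(answers={"bob": "x"}, failed={"bob": 2})
    try:
        parse_validate_answer(*svc.validate_answer("bob", "x"))
    except UnexpectedContentType as e:
        print("client refused:", e)
```

Running it reproduces the sequence from the report: two 401 JSON replies, a 403 HTML reply on the third attempt, and a 403 HTML reply on the very first request of the new session; only a request carrying a captcha token gets through. The content-type guard turns the Jersey "message body reader not found" stack trace into a single, explicit client error.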

isharak commented 4 weeks ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!