Skip to content
This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

Passcore API returns IncorrectCredentials insted of ComplexPassword error response #676

Open
drbogar opened this issue Sep 22, 2022 · 2 comments

Comments

@drbogar
Copy link

drbogar commented Sep 22, 2022

PassCore Server

  • OS: Linux/Docker
  • Provider: Active Directory
  • Log (without sensitive information):
warn: PassCoreLDAPProvider[0]
      Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation
      LdapException: Server Message: 0000052D: AtrErr: DSID-031910B8, #1:
        0: 0000052D: DSID-031910B8, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

      LdapException: Matched DN:

Describe the bug
If the new password does not meet the Active Directory requirements, the logs will show the real error, but the web interface will say that I have entered the current password incorrectly.

I think the problem is that all returned errors from the provider are translated to invalidCredentials:
https://github.com/unosquare/passcore/blob/master/src/Zyborg.PassCore.PasswordProvider.LDAP/LdapPasswordChangeProvider.cs#L195

Expected behavior
I think that the passcore API should return ApiErrorCode.ComplexPassword instead of ApiErrorCode.IncorrectCredentials, if that's the response it gets from the provider.

@stevleibelt
Copy link

Same error (on my machine) with the log entry Unable to find username: [foobar]. The frontend shows You need to provide the correct current password..

If I am allowed use your issue.

@drbogar
Copy link
Author

drbogar commented Feb 2, 2023

Of course you can use my issue. If I understand correctly, this is the same error.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants