Unable to get past Change Password Required

[nattyp]

Unable to get pass Change Password Required

Description

I am unable to login via the API. I keep getting RC 203, even after resetting the password

Steps to reproduce

I am using Postman 7.2.7.1 Mac desktop client.

when I login,

POST http://localhost:9011/api/login
{
  "loginId": "ncbadmin@smsja.net",
  "password": "6Krcasr&j",
  "applicationId": "8901cb2e-d900-4773-afd0-4c05494efe40"
}

I get a 203 response instead of a 200 response.

{
    "changePasswordId": "PNrfvTEpDF4YvPLH1IEokO151k99FbIYc9zBxWFrcCg",
    "changePasswordReason": "Validation"
}

If I change the password with

POST http://localhost:9011/api/user/change-password
{
  "currentPassword": "n9P#XSml",
  "password": "n9Pasr$3ml",
  "loginId": "ncbadmin@smsja.net"
}

I get back a 200 response (no body), and when I try to login again with the new password, the cycle repeats.

Affects versions

I am running 1.16.0 on CentOS 7.8

Expected behavior

I expected the POST /api/login to work given that the credentials were good.

The password change reasons

• Administrative
• Breached
• Expired
• Validation

may need additional clarification as how to respond to them.

Screenshots

The Tenant Password Settings

Platform

(Please complete the following information)

• Device: Desktop
• OS: Mac OS Catalina
• Browser + version: Safari 13.0.5, Chrome 83.0.4103.116
• Database Maria DB 10.3

Additional context

I eventually got out of the cycle by

Setting the new password by

PATCH http://localhost:9011/api/user/78e27d7d...
{
  "user": {
    "skipVerification": true,
    "email": "admin@email",
    "passwordChangeRequired": false,
    "username": "ncbadmin",
    "password": "Ka44sr&j"
  }
}

After which I was able to login.

[mooreds]

Looks like it might be a regression? Poster here: https://fusionauth.io/community/forum/topic/225/all-password-change-apis-failing was able to get the change password API to work if they rolled back to 1.16?

[bguyza]

@nattyp ,
I have been trying to recreate your issue on both the most current version and 1.16.0. Unfortunately I have not been able to. Could you confirm your Tenant Password Settings as indicated in the screenshot above? It might be helpful to see your Application's "Login API Settings" too. Finally, if you happen to have any additional logging that you think might be informative, I would be happy to continue troubleshooting.
Thanks.

[nattyp]

As I have passed this issue, if you are unable to recreate it based on what I have provide, I am willing to close this issue.

[robotdan]

Thanks @nattyp closing for now. If you run into this again, please re-open or let us know! Thanks.