BUGFIX: Capture exceptions when creating new user or updating password #3918
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR replaces #3901.
Upgrade instructions
Creating a user or changing the password will no longer throw an exception with a 500 error page but instead show the error in a flash message. This is done by wrapping
UserService::addUser()
andUserService::setUserPassword()
with a try-catch block.Review instructions
This PR changes the exception handling when creating new users or updating passwords by wrapping the used methods (
UserService::addUser()
andUserService::setUserPassword()
) inside a try catch block and showing an error message (FlashMessage) if there was an exception.That way it will be easier to extend Neos and add some password checks without showing a 500 error page in the Neos backend, which is currently the case with JvMTECH.NeosHardening (see jvm-tech/JvMTECH.NeosHardening#2) and maybe others.
With the adjusted code you can add checks to the password through an Aspect and simply throw an exception, if the requirements do not pass.
Checklist
FEATURE|TASK|BUGFIX
!!!
and have upgrade-instructions