Create User invalid request has a response which returns 500 #5228

[armaganpekatik]

Fixes #5228

Summary

When you try to change any user password, invalid password set causes an error response has a status code of 500 which is system exception.

[mitchelsellers]

Although I understand the desired goal here, this does introduce a process change, and you might be masking an error that would have historically been logged.

For example, UserCreate can fail for password, duplicate email, or other reasons. This process now assumes that all failures are invalid passwords which is not correct. I think if any attempt to bypass logging etc should be adjusted.

Now, I could be convinced that ALL errors should be a 400 response, rather than a 500 though?

@dnnsoftware/approvers any thoughts?

[david-poindexter]

I'm thinking we should be using 403 Forbidden in this case, no? I agree that 500 Internal Server Error is not good.

Perhaps you are on to something though with the 400.

[armaganpekatik]

Although I understand the desired goal here, this does introduce a process change, and you might be masking an error that would have historically been logged.

For example, UserCreate can fail for password, duplicate email, or other reasons. This process now assumes that all failures are invalid passwords which is not correct. I think if any attempt to bypass logging etc should be adjusted.

Now, I could be convinced that ALL errors should be a 400 response, rather than a 500 though?

@dnnsoftware/approvers any thoughts?

You are right for the naming, we can change InvalidPasswordException to InvalidUserRegistrationException. This was because I was thinking that I can define password error at the beginning. So the error is coming from https://github.com/dnnsoftware/Dnn.Platform/blob/develop/DNN%20Platform/Library/Entities/Users/UserController.cs#L779 and all of them are user validation error. Please see last commit.

[mitchelsellers]

This looks acceptable to me

[donker]

LGTM