fix: detect z/OSMF expired password in 401 response — GH#4083#4800
Open
balhar-jakub wants to merge 1 commit into
Open
fix: detect z/OSMF expired password in 401 response — GH#4083#4800balhar-jakub wants to merge 1 commit into
balhar-jakub wants to merge 1 commit into
Conversation
Add isExpiredPassword() helper that parses z/OSMF 401 response body for SAF messages indicating an expired password. Intercept HttpClientErrorException.Unauthorized in issueAuthenticationRequest() before the generic RuntimeException catch. When expired password is detected, throw ZosAuthenticationException(EMVSEXPIRE, errno 168). Closes #4083 Signed-off-by: Jakub Balhar <jakub.balhar@broadcom.com>
Member
Author
QA + Security Review — PR #4800 (GH#4083)Verdict: APPROVED ✅ Architecture Compliance ✅Implementation matches architect's solution design exactly:
Pavel's Lens — All 8 Rules ✅
Code Quality Notes
CI Status
Files Reviewed
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Closes #4083
Summary
When z/OSMF returns HTTP 401 for an expired password, the response body now contains SAF indicators (SAFReturnCode=8, SAFReasonCode=24) when z/OSMF is configured for detailed auth messages. Previously, all 401s were blindly mapped to BadCredentialsException (ZWEAG120E). This fix inspects the 401 response body and throws ZosAuthenticationException with EMVSEXPIRE (ZWEAT412E) when expired password is detected.
Changes
QA review + CI gate to follow