New UX: When resetting the password, PPM does not verify that the New Password and Confirm password data given match. Even if those do not match, password gets reset.
STEPS TO REPRODUCE:
1. Log in to PPM and ensure new UX is enabled.
2. Go to Administration > Organization and Access > Resources.
3. Edit any user profile and add your email address and user email address.
4. Go to the new UX URL, let say: http://<server_name>/pm.
5. Click on Forgot Password.
6. Enter the user name you want to have the password reset.
7. You will receive an email like:
We have received a request to reset your CA PPM™ password. To proceed, please click on the following link.
http://<server_name>/pm#changepassword?userName=<username>&code=VeFwJVyVQmh5BmUZ4js1k
8. Open the link and you will find a window where you need to enter the new password
9. Give as a New Password: Mynowpwd
Confirm Password: Mynewpwd
10. Submit it
Expected Result: I should be alerted that both passwords given do not match.
Actual Result: Password gets reset to Mynowpwd and no alert is given about password matching. As a typo was made when entering the password, If the user tried to log in using Mynewpwd an error "
API-1029 : Authentication Error. Contact your system administrator for necessary action" will be received.