Setting POSIX password might set an alternative password instead #3719

@rmsc

Description

Short description of issue

After a failed attempt at setting a POSIX password (too short for instance), the new attempt will actually set the Alternative Password. This is very easy to miss.

The logs show that the first failed attempt posts to the correct uri:

68735748-8162-4f99-afd4-f5e1af422add INFO     request [ 1.45ms | 28.62% / 100.00% ] method: POST | uri: /ui/reset/set_unixcred | version: HTTP/1.1
68735748-8162-4f99-afd4-f5e1af422add INFO     ┝━ handle_idmcredentialupdate [ 1.03ms | 71.38% ]
68735748-8162-4f99-afd4-f5e1af422add ERROR    │  ┕━ 🚨 [error]: Failed to begin credential_unix_set_password | err: PasswordQuality([TooShort(10)])
68735748-8162-4f99-afd4-f5e1af422add WARN     ┕━ 🚧 [warn]:  | latency: 9.283032ms | status_code: 422 | kopid: "68735748-8162-4f99-afd4-f5e1af422add" | msg: "client error"

The second attempt, however, posts to the wrong uri:

9c1b1368-fab2-435b-a129-7f543114e42e INFO     request [ 31.1ms | 1.69% / 100.00% ] method: POST | uri: /ui/reset/add_password | version: HTTP/1.1
9c1b1368-fab2-435b-a129-7f543114e42e INFO     ┕━ handle_idmcredentialupdate [ 30.6ms | 98.31% ]

Kanidm version (and git commit)

This is the docker image version 1.6.4

Operating System / Version

Linux (redacted hostname) 6.15.4-200.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jun 27 15:32:46 UTC 2025 x86_64 GNU/Linux
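Added illustration, not code from the issue or from the Kanidm project: a small parser for the request-trace lines quoted above that folds each kopid into one request record and flags a `set_unixcred` POST rejected with 422 that is immediately followed by an `add_password` POST, the sequence the report describes. It assumes adjacent requests in the excerpt belong to the same user session, which these lines do not record.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the trace lines quoted in the issue, nothing else.
SAMPLE_LOG = """\
68735748-8162-4f99-afd4-f5e1af422add INFO     request [ 1.45ms | 28.62% / 100.00% ] method: POST | uri: /ui/reset/set_unixcred | version: HTTP/1.1
68735748-8162-4f99-afd4-f5e1af422add INFO     ┝━ handle_idmcredentialupdate [ 1.03ms | 71.38% ]
68735748-8162-4f99-afd4-f5e1af422add ERROR    │  ┕━ 🚨 [error]: Failed to begin credential_unix_set_password | err: PasswordQuality([TooShort(10)])
68735748-8162-4f99-afd4-f5e1af422add WARN     ┕━ 🚧 [warn]:  | latency: 9.283032ms | status_code: 422 | kopid: "68735748-8162-4f99-afd4-f5e1af422add" | msg: "client error"
9c1b1368-fab2-435b-a129-7f543114e42e INFO     request [ 31.1ms | 1.69% / 100.00% ] method: POST | uri: /ui/reset/add_password | version: HTTP/1.1
9c1b1368-fab2-435b-a129-7f543114e42e INFO     ┕━ handle_idmcredentialupdate [ 30.6ms | 98.31% ]
"""

# Every trace line starts with the request's kopid (a UUID) and a log level.
LINE_RE = re.compile(r"^(?P<kopid>[0-9a-f-]{36})\s+(?P<level>[A-Z]+)\s+(?P<rest>.*)$")
URI_RE = re.compile(r"uri: (\S+)")
STATUS_RE = re.compile(r"status_code: (\d+)")
ERR_RE = re.compile(r"err: (\S+)")

@dataclass
class Request:
    kopid: str
    uri: str = ""
    status: Optional[int] = None
    error: Optional[str] = None

def parse_requests(log: str) -> List[Request]:
    """Fold the multi-line trace into one record per kopid, in order of first appearance."""
    requests: dict = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        req = requests.setdefault(m["kopid"], Request(m["kopid"]))
        if u := URI_RE.search(m["rest"]):
            req.uri = u[1]
        if s := STATUS_RE.search(m["rest"]):
            req.status = int(s[1])
        if e := ERR_RE.search(m["rest"]):
            req.error = e[1]
    return list(requests.values())

def find_misrouted_retries(log: str) -> List[Tuple[str, str]]:
    """Pair each set_unixcred POST rejected with 422 with an add_password POST that
    immediately follows it; assumes adjacent requests come from the same session."""
    reqs = parse_requests(log)
    return [(a.kopid, b.kopid) for a, b in zip(reqs, reqs[1:])
            if a.uri == "/ui/reset/set_unixcred" and a.status == 422
            and b.uri == "/ui/reset/add_password"]
```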

Metadata

Labels: oh no~(╯°□°)╯︵ ┻━┻, security, Security Improvements

Status: ✅ Done