Merge pull request #1653 from hashicorp/userpass-no-500

Don't return 500 for user error in userpass when setting password

builtin/credential/userpass/path_user_password.go

@@ -46,26 +46,29 @@ func (b *backend) pathUserPasswordUpdate(
 		return nil, fmt.Errorf("username does not exist")
 	}
 
-	err = b.updateUserPassword(req, d, userEntry)
-	if err != nil {
+	userErr, intErr := b.updateUserPassword(req, d, userEntry)
+	if intErr != nil {
 		return nil, err
 	}
+	if userErr != nil {
+		return logical.ErrorResponse(userErr.Error()), nil
+	}
 
 	return nil, b.setUser(req.Storage, username, userEntry)
 }
 
-func (b *backend) updateUserPassword(req *logical.Request, d *framework.FieldData, userEntry *UserEntry) error {
+func (b *backend) updateUserPassword(req *logical.Request, d *framework.FieldData, userEntry *UserEntry) (error, error) {
 	password := d.Get("password").(string)
 	if password == "" {
-		return fmt.Errorf("missing password")
+		return fmt.Errorf("missing password"), nil
 	}
 	// Generate a hash of the password
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	userEntry.PasswordHash = hash
-	return nil
+	return nil, nil
 }
 
 const pathUserPasswordHelpSyn = `

builtin/credential/userpass/path_users.go

@@ -156,10 +156,13 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 	}
 
 	if _, ok := d.GetOk("password"); ok {
-		err = b.updateUserPassword(req, d, userEntry)
-		if err != nil {
+		userErr, intErr := b.updateUserPassword(req, d, userEntry)
+		if intErr != nil {
 			return nil, err
 		}
+		if userErr != nil {
+			return logical.ErrorResponse(userErr.Error()), nil
+		}
 	}
 
 	if policiesRaw, ok := d.GetOk("policies"); ok {