Description
Backend Issue: PropertyValueException when saving PasswordHistory
Labels: bug, backend, high-priority, authentication
Summary
When resetting a user's password via the /public/resetPassword endpoint, the backend throws a PropertyValueException when attempting to save password history. The password is successfully updated, but password history is not saved.
Error Details
org.hibernate.PropertyValueException: not-null property references a null or transient value: com.simpleaccounts.entity.User.userEmail
Location: apps/backend/src/main/java/com/simpleaccounts/rest/usercontroller/UserRestHelper.java
Method: savePasswordHistory(Integer userId, String password, Integer createdBy, Integer lastUpdatedBy, Boolean isActive)
Impact
- User Impact: Password reset appears to fail even though password is updated
- Data Integrity: Password history is not being saved
- System Reliability: Inconsistent behavior in password reset flow
Steps to Reproduce
- Register a new user or use an existing user
- Request a password reset via /public/forgotPassword endpoint
- Use the reset token to call /public/resetPassword endpoint with a new password
- Observe the backend logs for PropertyValueException
- Verify that password was updated but password history was not saved
Expected Behavior
- Password reset should complete successfully
- Password should be updated in USER_CREDENTIAL table ✅ (works)
- Password history should be saved in PASSWORD_HISTORY table ❌ (fails)
- API should return HTTP 200 with success message ❌ (returns 500)
Actual Behavior
- Password is updated in USER_CREDENTIAL table ✅
- Password history is NOT saved in PASSWORD_HISTORY table ❌
- API returns HTTP 500 with error message "Unable To Set Password." ❌
- Exception is logged: PropertyValueException: not-null property references a null or transient value: com.simpleaccounts.entity.User.userEmail ❌
Root Cause
The PasswordHistory entity has a @ManyToOne(fetch = FetchType.EAGER) relationship with User. When saving PasswordHistory, Hibernate attempts to validate the User entity, which appears to be detached or not fully loaded, causing it to treat it as a new entity and attempt to persist it. During this process, it validates that userEmail is not null, which fails.
Attempted Fixes
The following approaches were tried but did not resolve the issue:
- Changed persist to update for User entity
- Reloaded user from database before updating
- Added validation to ensure userEmail is not null
- Used EntityManager.getReference() to get a managed proxy reference
- Used EntityManager.merge() to ensure entity is managed
- Used EntityManager.find() directly to get managed entity
- Created custom query findPasswordHistoriesByUserId to query by userId
- Created native SQL insert insertPasswordHistory to insert without loading User entity
Proposed Solutions
See .issue-backend-password-history.md for detailed proposed solutions.
Related Files
- apps/backend/src/main/java/com/simpleaccounts/rest/usercontroller/UserRestHelper.java
- apps/backend/src/main/java/com/simpleaccounts/rest/Logincontroller/LoginRestController.java
- apps/backend/src/main/java/com/simpleaccounts/entity/PasswordHistory.java
- apps/backend/src/main/java/com/simpleaccounts/entity/User.java
- apps/backend/src/main/java/com/simpleaccounts/repository/PasswordHistoryRepository.java
Test Coverage
- ✅ Playwright E2E test exists: apps/frontend/e2e/reset-password-complete.spec.ts
- ✅ Test correctly identifies the failure
- ⚠️ Test currently expects failure (should be updated once issue is fixed)
Priority
High - This affects a critical user flow (password reset) and causes inconsistent behavior.
Additional Context
- Related to Task [TASK] Migrate authentication screens (Login, Register, Reset Password) #167 (Authentication Screens Migration)
- Frontend migration is complete and working correctly
- The test suite correctly identifies this backend issue
- Password reset functionality is partially working (password is updated, but history is not saved)
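
The partial write reported above (credential changed, history row missing, HTTP 500) can be shown as a database invariant. This is an added example, not SimpleAccounts code and not a fix for the Hibernate exception. It uses Python with in-memory SQLite instead of the project's Java stack to show both writes sharing one transaction, plus an audit query for credentials that have no matching history row. Only the two table names come from the issue; column names, function names and sample rows are assumptions.

```python
import sqlite3

# Constructed schema: table names are from the issue, columns are assumed.
SCHEMA = """
CREATE TABLE USER_CREDENTIAL (
    user_id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL);
CREATE TABLE PASSWORD_HISTORY (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL, password_hash TEXT NOT NULL,
    created_by INTEGER NOT NULL);
"""

def open_db():
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn

def reset_password(conn, user_id, new_hash, created_by):
    """Update the credential and append history atomically.
    Returns True on commit, False if either write failed (both undone)."""
    conn.execute("BEGIN IMMEDIATE")
    try:
        cur = conn.execute(
            "UPDATE USER_CREDENTIAL SET password_hash = ? WHERE user_id = ?",
            (new_hash, user_id))
        if cur.rowcount != 1:
            raise LookupError("unknown user")
        conn.execute(
            "INSERT INTO PASSWORD_HISTORY (user_id, password_hash, created_by)"
            " VALUES (?, ?, ?)", (user_id, new_hash, created_by))
        conn.execute("COMMIT")
        return True
    except (sqlite3.Error, LookupError):
        conn.execute("ROLLBACK")  # credential update is undone as well
        return False

def credentials_without_history(conn):
    """Audit: users whose current stored hash has no PASSWORD_HISTORY row,
    which is the drift a half-completed reset leaves behind."""
    rows = conn.execute(
        "SELECT c.user_id FROM USER_CREDENTIAL c"
        " LEFT JOIN PASSWORD_HISTORY h"
        "   ON h.user_id = c.user_id AND h.password_hash = c.password_hash"
        " WHERE h.id IS NULL ORDER BY c.user_id").fetchall()
    return [r[0] for r in rows]
```

The audit join assumes the history table stores the same hash string that was written to the credential row.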