Makoto Posted April 7, 2022
In the latest release of IPS, password reset e-mails seem to expire after 1-hour. If a user submits a password reset request and does not respond to the request within that hour, the first problem is the error they receive when clicking on the reset password link. It would be much better for this error to tell them that their password reset link has expired, and provide a link to submit a new password reset request. However, that brings us to the real problem. When users submit another password reset request, nothing actually happens. It sends the same password reset request link to the user. It does not regenerate the password reset request in the database. The user gets sent an expired password reset link every time they try and generate a new one. This means that if the user does not reset their password correctly on the first attempt, it becomes impossible for them to do it until an administrator goes in and manually clears the entry out from the core_validating table.
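The re-request behaviour described in the post above, as an added example that is not IPS code and not part of the thread: a toy in-memory store where `regenerate=False` reproduces the reported behaviour and `regenerate=True` issues a fresh token on every request. The class, member id and timestamps are constructed for illustration; only the 1-hour lifetime comes from the thread.

```python
import hmac
import secrets

TTL = 3600  # seconds; the 1-hour lifetime mentioned in the thread


class ResetStore:
    """In-memory stand-in for a pending-reset table (hypothetical schema)."""

    def __init__(self, regenerate):
        self.regenerate = regenerate  # False reproduces the reported behaviour
        self.rows = {}                # member_id -> (token, issued_at)

    def request(self, member_id, now):
        """Handle a 'forgot password' submission; return the token to e-mail."""
        row = self.rows.get(member_id)
        if row is not None and not self.regenerate:
            return row[0]  # reported bug: old link is re-sent, even if expired
        token = secrets.token_urlsafe(32)
        self.rows[member_id] = (token, now)  # replaces any earlier row
        return token

    def redeem(self, member_id, token, now):
        """Return 'ok', 'expired' or 'invalid' so the UI can word the error."""
        row = self.rows.get(member_id)
        if row is None or not hmac.compare_digest(row[0], token):
            return "invalid"
        if now - row[1] > TTL:
            return "expired"  # caller should offer a link to request a new reset
        del self.rows[member_id]  # single use
        return "ok"


def second_request_outcome(regenerate):
    """Request, let the link lapse, request again, then click the newest link."""
    store = ResetStore(regenerate)
    t0 = 1_000_000  # constructed timestamps
    first = store.request("member-42", t0)
    later = t0 + TTL + 60
    second = store.request("member-42", later)
    return first == second, store.redeem("member-42", second, later + 30)


if __name__ == "__main__":
    print("reported behaviour:", second_request_outcome(regenerate=False))
    print("regenerating:      ", second_request_outcome(regenerate=True))
```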
Mark H Posted April 7, 2022
Thank you for bringing this issue to our attention. While the 1-hour expiration is intended now, I can confirm the issue with the link should be further reviewed and I've logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.
Makoto Posted April 7, 2022
Thanks Mark, Yeah absolutely no issue with links expiring, I think that's a good security feature. A custom error being displayed to tell people the links expired could be a good UX improvement though! It took me a bit to identify the issue myself when a user reported it because the error kept just implying their reset request didn't exist.
Edited April 7, 2022 by Makoto
Marc Posted April 12, 2022
This issue has now been resolved in the latest release, which has gone out this morning.
DawPi Posted April 12, 2022
@Marc Stridgen, update dev tools too. Thanks in advance.
Marc Posted April 12, 2022
1 hour ago, DawPi said: "@Marc Stridgen, update dev tools too. Thanks in advance."
I shall get that mentioned to our devs to update 🙂