known issue Reset Password Redirects to Home Page

[Como]

I heard from members that the password reset link in their email redirects them to the home page with no opportunity to update their password. I've tested and can confirm this behaviour.

There are no entries in the error logs.

Thanks.

[Marc]

Do you have an example of the email link you could send me? Also, have you disabled all 3rd party while testing this?

[Como]

Hi Marc,

https://xxxxx.xxx/index.php?app=core&module=system&controller=redirect&url=https://xxxxx.xxx/lostpassword/?do=validate%26vid=2e0194899488addb3617fb6595bfc1ca%26mid=223015&key=330e6282572ad380add0469d989e5a91590fb0ab8b793be0fe6d423c2f23c822&email=1&type=lost_password_init

No, I have not disabled all addons. One, in particular, I cannot disable without taking the site offline (it involves member privacy). Let me know on the above link, and if it looks good, and I'll perform some testing.

PS The above link is more than an hour old, so even with the site address, it is no good to anyone.

Edited August 3, 2023 by Como

[Marc]

Are you using sendgrid at all? I suspect something is being rewritten there, and one of our developers has mentioned the same. If you can send me the full unredacted URL via pm that may be helpful

[Como]

No, we do not use Sendgrid. I'll send you PM within a minute.

[Marc]

Something appears to be messing with the encoding on some characters there. Either through an issue with your email service, changes in email templates, or 3rd party interference. There are parameters which wouldnt be passed over for that reason.

[Como]

Members have have experienced the same problem. I've an idea of what the problem might be. I'll send you a PM in a few minutes.

[Marc]

If the URL is formatted the same, then they will indeed have the same issue

[Como]

Hi Marc,

I sent you another sample link (PM), from another email account. Same URL structure. All apps and plugins are disabled (I double-checked).

[Jim M]

Please be advised I have escalated this to a ticket so that we can further investigate.

[Como]

Thanks.

[Como]

I suspect the following is related to the above.

The URL to user profiles, as displayed next to posts, is appended with an apparently superfluous string of characters. I disabled all apps and plugins and retested - same result. I note that no similar extra characters appear here when I hover/click usernames beside posts.

https://xxxxx.xxx/profile/USER-ID-USERNAME/?wr=eyJhcHAiOiJmb3J1bXMiLCJtb2R1bGUiOiJmb3J1bXMtY29tbWVudCIsImlkXzEiOjI3MDg3NywiaWRfMiI6MzQ0NDU3NX0=

The appended string is different for every post.

Thanks.

[Como]

Seems there is an explanation for my above post here:

I am not sure I fully understand, but it appears to be benign and expected behavior.

[Marc]

Please add any further information to your ticket rather than to the topic here

[Como]

I do not have a ticket. Or, if I do, I have not received an email with a link to it.

[Marc]

You got the right thing there. I have just responded to you

[Como]

Cheers, Marc. Yeah, I did not realise that regular email from the regular support address was a ticket.  Thanks.

[Marc]

1 hour ago, Como said:

Cheers, Marc. Yeah, I did not realise that regular email from the regular support address was a ticket.  Thanks.

No problem at all 🙂 

[Como]

Hi.

This bug is back! Similar, very long reset link, which does not resemble correct rest links. The work around is the same as before:

Admin Control Panel > System > Email > (disable) Log Statistics setting

I few weeks ago, a member contacted me about her problems resetting her password. I assumed she was doing something wrong and I reset it manually for her. But the problem arose again today, and I tested it for myself.

I am not very happy that this bug has been reintroduced.

[Marc]

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

 

[Como]

On 4/2/2024 at 11:00 AM, Marc Stridgen said:

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

 

Has this been resolved? I need to re-enable Log Statistics.

Thanks.

[Jim M]

23 minutes ago, Como said:

Has this been resolved? I need to re-enable Log Statistics.

Thanks.

It is still an open bug.

[Como]

1 hour ago, Jim M said:

It is still an open bug.

Hi @Jim M

Are you aware that this was a previously fixed bug, but was reintroduced earlier in the year?

[Jim M]

44 minutes ago, Como said:

Hi @Jim M

Are you aware that this was a previously fixed bug, but was reintroduced earlier in the year?

I’m afraid, regardless of whether the issue previously existed or is brand new, the steps would be the same to resolving. At this time, we do not have any further info than the bug is open. 

[Como]

Hi @Jim M

I understand. But I am about bulk email members and I wished to have a log of links clicked as this might prove very informative.

I was also hoping that as this bug was previously fixed, a fix might be more straightforward and speedy. But I do appreciate that you will have procedures to follow.

Thanks.