Problems, need help? Have a tip or advice? Post it here.
6 posts Page 1 of 1
When my users try to login and click on the Reset Password link the enter their username and click on the "Send reset mail" link.

That sends an email to them titled "Password Reset Requested" with a link to "confirm that the request was made by you...".

Clicking on that link takes them to a page that says "A confirmation email has been sent to you
Please check your email.". But there is no confirmation email nor any way to change the password there!
Usually this problem can be traced to email delivery issue; in your case, the first email gets delivered as expected but the second one goes missing - which is puzzling. I am sure you must have checked the spam folder.

Anyway, the only other method to reset the password would be to do so manually -
please see @trendoman's solution here
viewtopic.php?f=4&t=10223#p24602

Hope this helps.
KK wrote: ...the first email gets delivered as expected but the second one goes missing...


That's true, but the real issue is that there's no interaction from the website after clicking the link on the first email. Just the message that a confirmation email has been sent. A confirmation of WHAT? I'm not concerned that I don't receive that 2nd confirmation email, I just never get the chance to actually change the password.
From what I understand about the default workflow, when the user requests a password request she is shown the folowing message on the site -
Code: Select all
A confirmation email has been sent to you.
Please check your email inbox.

The email refered to in the message above is the following -
Code: Select all
Subject: Password reset requested

A request was received to reset your password for the following site and username..
To confirm that the request was made by you, please visit the following address, otherwise just ignore this email.
..LINK HERE..

The link in the email looks something like this -
https://your-site/forgotpassword.php?act=reset&key=xxxx

Once that link is clicked, the user navigates to the above-mentioned URL and Couch resets the password to a random value for her.
That random value is emailed to her while also showing the following message on the site -
Code: Select all
Your password has been reset.
Please check your email for the new password.

The sent email goes something like this -
Code: Select all
Subject: Your new password

Your password has been reset for the following site and username..
New Password: xxxxx
You can change your password once logged in.

What you are describing does not match the expected workflow -
clicking the link in the first email should not show "A confirmation email has been sent.."; rather, it should say "Your password has been reset".

As to what is causing this, perhaps you are using 'extended-users' or other such addon and have tweaked the login/recover-password process?
Please check this because if it is so them maybe the implementation has been faulty.

Let me know. Thanks.
I am using the extended-users addon and possibly others as well. I'd like to upgrade to the latest version of Couch but I'm afraid to do so because of tweaks such as this that have been made that would stop working. Maybe the newest version natively contains the features that had to be tweaked in the past? Is there a technique that I could use to uncover the customizations to the native code? I'll take a deeper look this week.
Sure enough, there's the extended users mod as well as others from the looks of it (all the menu items in strikeout)? I believe the extended users mod was to allow for additional fields in the user database. Not sure if/why the login mod was needed. Any recommendations as to how I could proceed to clean this up?

Attachments

6 posts Page 1 of 1