by
KK » Fri Sep 17, 2021 1:54 am
From what I understand about the default workflow, when the user requests a password request she is shown the folowing message on the site -
- Code: Select all
A confirmation email has been sent to you.
Please check your email inbox.
The email refered to in the message above is the following -
- Code: Select all
Subject: Password reset requested
A request was received to reset your password for the following site and username..
To confirm that the request was made by you, please visit the following address, otherwise just ignore this email.
..LINK HERE..
The link in the email looks something like this -
https://your-site/forgotpassword.php?act=reset&key=xxxxOnce that link is clicked, the user navigates to the above-mentioned URL and Couch resets the password to a random value for her.
That random value is emailed to her while also showing the following message on the site -
- Code: Select all
Your password has been reset.
Please check your email for the new password.
The sent email goes something like this -
- Code: Select all
Subject: Your new password
Your password has been reset for the following site and username..
New Password: xxxxx
You can change your password once logged in.
What you are describing does not match the expected workflow -
clicking the link in the first email should not show "A confirmation email has been sent.."; rather, it should say "Your password has been reset".
As to what is causing this, perhaps you are using 'extended-users' or other such addon and have tweaked the login/recover-password process?
Please check this because if it is so them maybe the implementation has been faulty.
Let me know. Thanks.