Click here in password reset email doesn't work

[Matt J]

Thank you for requesting a password reset. To continue with your password reset, please click here to continue.

If for some reason this link doesn't work, you can copy and paste the following code onto the password reset form:

When I click the link it just takes me to the page to copy in the code but the click here link already had the code in the URL. Is this a bug or something I need allow in the configuration somewhere? I'm running the snapshot from this morning, April 10th, 2017.

Thanks for your help.

[shoieb...@gmail.com]

Make sure the site URL is configured properly and resolvable.
Settings -> Application -> Application

[Matt Jamison]

Site URL is there and correct. I do not have anything for Forward, Logout or Home URL's, do those matter at all?

~Matt

On Tue, Apr 11, 2017 at 9:14 AM, <shoieb...@gmail.com> wrote:

Make sure the site URL is configured properly and resolvable.
Settings -> Application -> Application

--
You received this message because you are subscribed to a topic in the Google Groups "pwm-general" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pwm-general/iixXxlFoANw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pwm-general+unsubscribe@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/07fbf087-2291-451a-91c1-fc7abb09ca6c%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Matt Jamison]

I turned File Log Level to DEBUG and clicked the password reset link and this is what shows up in the logs:

2017-04-11T11:19:02Z, DEBUG, forgottenpw.ForgottenPasswordServlet, {397145} attempting to forward request to handle verification method TOKEN [MY.IP.ADDR.ESS]

But I still land on the page that requests I paste in the code. :(

~Matt

[Matt Jamison]

Is there anything else I can do to narrow down the problem?

Thanks,

~Matt

[Matt Jamison]

I turned on trace and this is what it says (i did change some identifying information around):

2017-04-26T11:23:54Z, TRACE, http.PwmRequest, {655485} GET request for: /pwm/public/forgottenpassword/H4sIAAAAAAAAAAG2AUn-UFdNLkdDTTEQvLfDi6qEiicsQKpUSzwobFleIrxwsDjvJNhCgzTTIzukRXVAoPrhv1YDcyuDvIxzPITpgYEXMzceVYu7XkJ-b7SUSxAhhEluhGAm4qyvgAcn_C8yW6kLlaYP_43DtDL8zEVZllM451Kp2VTmaKiEEOSjicLKl20edvpcsCK1Iy7h4B6jHIrBYG63wNvnOVCkNR-5LlDnajaLIfxxBI2a5pKJrro4VV-t6hXIy-h4a6WA9ACnYc94TpDQPlMbupv7px0sH9uFMvdhu5w3NNPt3gW5cOnb4XZvAuVeQO7LuqWa4Md2HvCyDhP6N835B7jkQl-AxvbEvZhwsttO7odLxRcP0r7Ai0ZITthe7ia7GgkRNAT5cALb-BRK_rlGw1O-Jsgo9Y8P8to3z3rALmsR9MRCLI7DjhxP8EtzagUIMiZ6iY7r0SFXqXmKanVV3Y9NXZUYxhPY_IMuqXJlYD35yXg1sFW7a9d8qQSdTTKpVEVdKOuRh1aXSF_id-YJq1AKh8S71Bs1wkxvMGqI3eHP3T7nYTYUNgE7x2v68mnH_si6ftEq8ZYz-oOjvw14tGN2CrYBAAA= (no params) [10.32.1.27]

2017-04-26T11:23:54Z, TRACE, forgottenpw.ForgottenPasswordServlet, {655485} entering forgotten password progress engine: flags={"a":false,"r":["TOKEN"],"o":[],"m":0,"t":"EMAILONLY"}, progress={"s":true,"p":false,"m":[],"c":"EMAILONLY","a":"john....@example.com"} [10.32.1.27]

2017-04-26T11:23:54Z, DEBUG, forgottenpw.ForgottenPasswordServlet, {655485} attempting to forward request to handle verification method TOKEN [10.32.1.27]

2017-04-26T11:23:54Z, TRACE, http.SessionManager, {655485} incremented request counter to 1 [10.32.1.27]

2017-04-26T11:23:54Z, TRACE, state.CryptoCookieLoginImpl, {655485} wrote LoginInfoBean={"a":false,"p":"*hidden*","t":"UNAUTHENTICATED","af":[],"rq":"2017-04-26T15:23:54.742Z","g":"j1z2qgcl0fw42IMSWPURjFU3cP8W82orcgZekTA1JQtOum0k96UXsVrK6FiqVHcIntc3glMK","c":5,"lf":[]} [10.32.1.27]

2017-04-26T11:23:54Z, TRACE, http.PwmResponse, {655485} forwarding to /WEB-INF/jsp/forgottenpassword-entertoken.jsp [10.32.1.27]

So something isn't working right.

Any ideas how to fix?

~Matt

[yann...@gmail.com]

> To unsubscribe from this group and all its topics, send an email to pwm-general...@googlegroups.com.

>
> To post to this group, send email to pwm-g...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/07fbf087-2291-451a-91c1-fc7abb09ca6c%40googlegroups.com.
>
>
>
> For more options, visit https://groups.google.com/d/optout.

Hello PWM team,

I have exactly the same problem on my PWM 1.8 (20170413).

The email received containing both :

- A link "click here" with the right token embedded in the URL (GET Request)
- The token reflected in the email's body (for copy and paste in the textarea of PWM)

When I copy/paste the token, the form is submitted in POST (with a anti-CSRF token, I supposed, in an other POST param).

But when I use the "click here link", the right token transmited in GET isn't processed by PWM and I reach the forgottentPassword textarea page again... (the token is still valid if I copy/paste it).

There is no error nor warning in logs (trace / debug enable).

This functionality worked well with PWM 1.6 and 1.7, so I think it's a new bug introduced with the 1.8 version.

For me too, any help will be appreciated.

Sincerely,

[thomash...@gmail.com]

I am also seeing the same behavior on version 1.8.0

[yann...@gmail.com]

Le jeudi 1 juin 2017 15:09:40 UTC+2, thomash...@gmail.com a écrit :
> I am also seeing the same behavior on version 1.8.0

At this date (latest version since yesterday), it seems to be fixed !