need to add optional params to render_token_login_page on reset_password?

[KumanoTanaka]

https://github.com/getredash/redash/blob/master/redash/handlers/authentication.py#L85

@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
    return render_token_login_page("reset.html", org_slug, token)

☝️ should be the following?

@routes.route(org_scoped_rule('/reset/<token>'), methods=['GET', 'POST'])
def reset(token, org_slug=None):
    return render_token_login_page("reset.html", org_slug, token, False)

In our stand-alone env, we could not reset some user's password.
redash docker tag was: redash/redash:7.0.0.b18042

[rauchy]

@KumanoTanaka that seems right. Could you submit a PR for this?

[arikfr]

What’s the implication of this? I mean what was the behavior before the change? Arik

…

On Thu, Apr 4 2019 at 9:01 AM, < ***@***.*** > wrote: @KumanoTanaka ( https://github.com/KumanoTanaka ) that seems right. Could you submit a PR for this? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub ( #3675 (comment) ) , or mute the thread ( https://github.com/notifications/unsubscribe-auth/AAEXLAxDBbhPB4AnDk6Yz72_sUQcYhYqks5vdZU3gaJpZM4cb_VE ).

[rauchy]

@arikfr I'm guessing it will error for pending users. see https://github.com/getredash/redash/blob/master/redash/handlers/authentication.py#L41

[KumanoTanaka]

What’s the implication of this? I mean what was the behavior before the change?

I could not reset user's password when I clicked email-embedded link.
always faced redash error page.

This invitation has already been accepted. 
Please try resetting your password instead.

[arikfr]

@rauchy oh, ok. I guess this was missing from #3500?

[woozhijun]

I have the same problem for redash/redash:7.0.0.b18042

[justinclift]

Just hit this exact error when trying to reset a test user's password in a newly installed temporary instance, running Redash 7.0.0 b18042.

The Admin user can generate the "reset password" link, but when going to the generated link it turns out to be incorrect:

This invitation has already been accepted. 
Please try resetting your password instead.

So, resetting passwords via the webUI doesn't work.

The workaround was to connect directly to the running backend PostgreSQL database and replace the password_hash value for the user (in the users table) with the hash for the new password.

# docker exec -it redash_postgres_1 sh
# su - postgres
$ psql postgres
postgres=# SELECT id, name, email, password_hash FROM users;

With the query to update the value:

UPDATE users
SET password_hash = 'new_hash_value'
WHERE email = 'email_address@of_user.here';

Logging in with the updated user/password combination then worked fine.

[kouya0219]

The easiest way
change details in the users table

{"is_invitation_pending": false, "active_at": "2019-09-04T08:53:56Z"}
to
{"active_at": "2019-09-04T08:53:56Z"}

and then click Send Password Reset Email or I forgot my password link

[fessmage]

Same problem on Version: 7.0.0+b18042 (4a978ba): reset password don't work, link from email result in page "This invitation has already been accepted".

[arikfr]

Closing this as it was already fixed in #3676. The fix is included in v8.0.0-beta.2 and I recommend upgrading to it to fix it (don't be worried about the beta tag, it was in use for along time now).