No feedback after password (re)set

[lal12]

Steps to reproduce

1. Click on the password reset link in the reset mail (or the account created mail)
2. Enter new password
3. Klick on the button

Expected behaviour

There should be a notification, that the password has been set or better a redirect to the start page.

Actual behaviour

The password is changed but nothing happened. If you press the button twice, it complains about an invalid token, which is right, since the password was changed. I noticed that the POST request to "index.php/lostpassword/set/************/user" works and so sets the password. But afterwards there is an POST request to "/" which is replied with "405 Method not allowed", which is also correct, because it is an API request:

Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
requesttoken: UrEkdqDotWJQ/SYHc7vF8ygKPCBc3zclYIyaZxPaDv8=:HfNANeaC1woYuldCOc+3gwNjT1UMunR2Nf3xLVGxZYo=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest

(I removed fields, like User-Agent and Cookies)

Server configuration

Operating system: Linux

Web server: NGINX

Database: MariaDB

PHP version: 7.0.

Nextcloud version: 12.0.3

Updated from an older Nextcloud/ownCloud or fresh install: Updated from 12.0.x->12.0.3

Where did you install Nextcloud from: Web Installer

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

- calendar: 1.5.6 - comments: 1.2.0 - dav: 1.3.0 - federatedfilesharing: 1.2.0 - files: 1.7.2 - files_accesscontrol: 1.2.5 - files_pdfviewer: 1.1.1 - files_sharing: 1.4.0 - files_texteditor: 2.4.1 - files_trashbin: 1.2.0 - files_versions: 1.5.0 - files_videoplayer: 1.1.0 - gallery: 17.0.0 - logreader: 2.0.0 - lookup_server_connector: 1.0.0 - music: 0.5.4 - notifications: 2.0.0 - oauth2: 1.0.5 - password_policy: 1.2.2 - provisioning_api: 1.2.0 - sharebymail: 1.2.0 - systemtags: 1.2.0 - theming: 1.3.0 - twofactor_backupcodes: 1.1.1 - updatenotification: 1.2.0 - workflowengine: 1.2.0

Nextcloud configuration:

Config report

{ "system": { "instanceid": "oc8rjwivhsrd", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "***REMOVED SENSITIVE VALUE***" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "skeletondirectory": "", "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "12.0.3.3", "dbname": "nextcloud", "dbhost": "172.17.0.2", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "maintenance": false, "mail_smtpmode": "smtp", "mail_smtpauthtype": "LOGIN", "mail_from_address": "cloud", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "25", "mail_smtpauth": 1, "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "theme": "" } }

**Are you using encryption:** https? or is there also a data encryption option? then no

Client configuration

Browser: Firefox and Chrome (also on Android)

Operating system: Windows, Linux, Android

Logs

Web server error log

Web server error log

Nothing related there

Nextcloud log (data/nextcloud.log)

Nextcloud log

Nothing related there

Browser log

Browser log

- Nothing in the js console. - Everything related in the network log I posted above

[lal12]

I digged into the code and guess it is not an enhancement, it is actually a bug. The following code is in the core/js/lostpassword.js:

  resetDone : function(result){
	var resetErrorMsg;
	if (result && result.status === 'success'){
		$.post(
				OC.webroot + '/ocs/v1.php',
				{
					user : window.location.href.split('/').pop(),
					password : $('#password').val()
				},
				OC.Lostpassword.redirect
		);

This is actually the request I reported in my initial post:

But afterwards there is an POST request to "/" which is replied with "405 Method not allowed", which is also correct, because it is an API request:

But this request fails because the index.php does not allow requests on /, so there is no redirect as there should be. I guess in earlier versions such an request was allowed.

I corrected the url to OC.webroot + '/ocs/v1.php', which works fine for me.

So I did a pull request: #7651

[lal12]

It would be also possible, to just remove that addtional request. At least I don't see any reason for this request.

[lal12]

Just for reference current PR is #7691. And maybe the tags of this issue should be changed to "bug" and maybe "2. developing".

[lal12]

#7691 #7921