Error with external password link #8966
Comments
|
The issue is caused here: https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L49 If the user didn't enter something in the username/email field, the form is submitted (https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L67) on click on the forgot-password link. Only if the user entered something before clicking the link, the redirect to the proper page is done in javascript. I think the if-construct here https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L69 should be put before the check whether or not a username/email was entered. |
|
@skjnldsv @juliushaertl @jancborchardt Didn't one of you revamped the lost password dialog to be not a page reload but rather a transition? This seems not to work anymore with external password reset pages. |
|
Why was this issue closed? #10325 is a completely separate issue dealing with the absence of a password reset url, effectively disabling it. This issue here is about properly utilizing the password reset link when the login form is empty. |
|
Requesting reopen |
|
I'm not sure i understand the issue here. |
|
@skjnldsv Yes and doesn't look fixed by the pr |
|
@Koma-Andrea Let me try again :) The link is present on the page on you instance, right? Just clicking have no effect, correct? |
|
You can view the esxact problem in my youtube video: https://www.youtube.com/watch?v=P3V1wex7dtk I've added an url for the password reset but clicking on reset password instead of sending to the page request to insert an user. Inserting an user and clicking reset password give you a 'Reset password disabled' (which actually is to prevent users logged in to try (and fail) to change their passwords). |
|
Ah ok, it's working on my instance though. (see gif, I used nextcloud.com as reset link) Are you on nextcloud 14?
|
|
I can reproduce the problem with 13.0.5 but when i apply the patch from @skjnldsv pull request its fixed.
|
|
This has been fixed in nc 14! |
|
I'm on nc 14 and doesn'look fixed to me |
|
@Koma-Andrea I tried it again and it worked :/ |
|
I've no test installation only the production one and I would like not to publish the production url if you can mail me I will send you the link and the actual configuration to demostrate you the contrary. |
|
@skjnldsv Not really. It was only not working when the login form was empty, resulting in the message "Password reset is disabled". #10325 didn't seem to be addressing that issue but something else. However, that being said, i just retested and it seems that does resolve the issue. I guess I hadn't cleared the browser cache or something when I first tested the fix manually applied to my NC13 installation. |
|
@skjnldsv Reopen this one or have you already fixed it? |
|
@MorrisJobke all fixed |
Expected behaviour
Open external portal for password change (LDAP)
Actual behaviour
JS Takeover the click instead opening a new window
Server configuration
Operating system:
Centos7
Web server:
Nginx
Database:
Mariadb 10.2
PHP version:
7.0
Nextcloud version: (see Nextcloud admin page)
13.0.1
Updated from an older Nextcloud/ownCloud or fresh install:
from 13.0.0
The override for an external site to reset the password won't work anymore:
The code generated is
but the javascript override the click (href) asking for an username/email to reset the password.
Proceeding inserting those data causes the interface to reply a 'Password reset is disabled'
The text was updated successfully, but these errors were encountered: