Lost password e-mail not sent when trying to login with e-mail address

[Rudloff]

Steps to reproduce

1. Browse to the login page.
2. Try to login with a correct email address + a wrong password.
3. Click on the lost password link.

Expected behaviour

An e-mail is sent to the user.

Actual behaviour

Nothing happens.

(But it does work if the user uses its username instead of its e-mail address.)

Server configuration

Operating system: Ubuntu 14.04.5 LTS

Web server: Apache 2.4.7-1ubuntu4.20

Database: MySQL 5.5.61-0ubuntu0.14.04.1

PHP version: PHP 5.5.9-1ubuntu4.26

ownCloud version: 9.1.8

Updated from an older ownCloud or fresh install: Updated from an earlier 9.1.*

Where did you install ownCloud from: Git

Signing status (ownCloud 9.0 and above):

Integrity checker has been disabled. Integrity cannot be verified.

The content of config/config.php:

{
    "system": {
        "instanceid": "ocmyc2zd15vz",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "drive.animafac.net"
        ],
        "datadirectory": "\/home\/drive\/public_html\/data",
        "overwrite.cli.url": "https:\/\/drive.animafac.net\/",
        "overwriteprotocol": "https",
        "forcessl": true,
        "dbtype": "mysql",
        "version": "9.1.8.2",
        "dbname": "drive",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "theme": "animafac",
        "memcache.local": "\\OC\\Memcache\\XCache",
        "loglevel": 2,
        "maintenance": false,
        "knowledgebaseenabled": false,
        "singleuser": false
    }
}

List of activated apps:

Enabled:
  - calendar: 1.5.5
  - comments: 0.3.0
  - contacts: 1.5.3
  - dav: 0.2.7
  - federatedfilesharing: 0.3.0
  - files: 1.5.1
  - files_sharing: 0.10.0
  - files_trashbin: 0.9.0
  - files_versions: 1.3.0
  - piwik: 0.3.2
  - richdocuments: 2.0.5
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - federation
  - files_external
  - provisioning_api
  - systemtags
  - testing
  - user_ldap

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 60.2.1esr

Operating system: Debian GNU/Linux 9.5 (stretch)

Logs

ownCloud log (data/owncloud.log)

{"reqId":"d4IccW0gkE3K+tMJmq07","remoteAddr":"2a01:cb0c:3:1a00:5cda:ace4:ca01:2889","app":"core","message":"Login failed: '[email protected]' (Remote IP: '2a01:cb0c:3:1a00:5cda:ace4:ca01:2889')","level":2,"time":"2018-09-26T10:44:56+00:00","method":"POST","url":"\/index.php\/login","user":"--"}
{"reqId":"d4IccW0gkE3K+tMJmq07","remoteAddr":"2a01:cb0c:3:1a00:5cda:ace4:ca01:2889","app":"core","message":"Login failed: 'Rudloff' (Remote IP: '2a01:cb0c:3:1a00:5cda:ace4:ca01:2889')","level":2,"time":"2018-09-26T10:44:56+00:00","method":"POST","url":"\/index.php\/login","user":"--"}
{"reqId":"CcYhyu4Hrnab9I3SB8oW","remoteAddr":"2a01:cb0c:3:1a00:5cda:ace4:ca01:2889","app":"core","message":"Could not send reset email because User does not exist. User: [email protected]","level":3,"time":"2018-09-26T10:45:03+00:00","method":"POST","url":"\/index.php\/lostpassword\/email","user":"--"}

Browser log

JQMIGRATE: Migrate is installed, version 1.4.0 jquery-migrate.min.js:2:542
XHRGEThttps://drive.animafac.net/core/img/breadcrumb.svg[HTTP/1.1 200 OK 0ms] 
XHRGEThttps://drive.animafac.net/cron.php[HTTP/1.1 200 OK 61ms] 
XHRPOSThttps://drive.animafac.net/index.php/lostpassword/email[HTTP/1.1 200 OK 108ms] 

[ownclouders]

GitMate.io thinks the contributors most likely able to help are @PVince81, and @ownclouders.

Possibly related issues are #16431 (Recover login password), #25715 (E-mail login fails when two users have the same e-mail address), #927 (Invalid default (& lost password) email sender address), #21466 (lost password hash expire), and #11682 (Send password when sharing via e-mail).

[phil-davis]

@paurakhsharma @dpakach @skshetry please look and confirm if this is a bug, and anyway make a webUI test to cover it.

[skshetry]

Can confirm. But i am getting the token in the email, which on clicking says Could not reset password because the token is invalid.

The link is in the format /lostpassword/reset/form/<token>/<email>. But changing that link to /lostpassword/reset/form/<token>/<username> does work.

[paurakhsharma]

Actually, the reset email is being sent. But the link is invalid as said by @skshetry

[phil-davis]

@Rudloff we are seeing the the "actual behaviour" is that the email is sent, but the link for resetting the password is not correct.

Can you confirm that, in your case, the email is actually received (but link is wrong)?

Or are you experiencing some other version of wrong behaviour?

[Rudloff]

In my case, the e-mail is never sent. This is because I am still using 9.1.8.
I had a look at the code and this was fixed in 10.0 here: 74f42a8

Is the 9.1 branch still updated? Would a pull request backporting this fix be accepted?
(We are still stuck on Ubuntu 14.04/PHP 5.5 until January 2019 😞 )

[PVince81]

@Rudloff 9.1 is EOL since March 2019 and will not receive any more releases: https://github.com/owncloud/core/wiki/Maintenance-and-Release-Schedule

in your own case you could try attempting to backport the fix yourself but there is a risk that the code is not compatible

[phil-davis]

See issue #32889 for details of the issue we found in current 10.* code.