This repository has been archived by the owner on Feb 12, 2022. It is now read-only.

Password reset flow does not work if previously logged in with a different email #222

Open
mikehale opened this issue Apr 22, 2016 · 3 comments

Comments

@mikehale
Contributor

mikehale commented Apr 22, 2016

Steps to reproduce

  1. Set up you+test@heroku.com account

  2. Log in as you@heroku.com

  3. Log out

  4. Reset password for you+test@heroku.com account

  5. No reset is sent!

  6. Look up the password reset hash in the API:

    User['you+test@heroku.com'].reset_password_hash
    > 2cc7e6ef2e0f02afb9c35b0be5a29bc8

  7. Go to https://id.heroku.com/account/password/reset/2cc7e6ef2e0f02afb9c35b0be5a29bc8

  8. Reset password

  9. Reset is successful, but you are redirected to the login form with you@heroku.com prefilled, not you+test@heroku.com

  10. Logging in with the new password for you+test@heroku.com works.

@mikehale
Contributor Author

This issue was discovered because of a support ticket: https://support.heroku.com/tickets/357431

@mikehale
Contributor Author

@dmcinnes or @adelcambre any ideas on this one?

@dmcinnes
Contributor

The login prefill is almost certainly coming from autocomplete on the user's browser since we don't keep track of or set a default value:
https://github.com/heroku/identity/blob/master/views/login.slim#L21
The no email sent is weird though, we can check our mail logs to see what happened to it...
