Reset Password permission is disabled by default #6440
Comments
To piggyback on this, I also noticed the code is pretty long. Is there any documentation on how to change the code generation to an Cheers.
I did some additional research, and it seems as if the issue is with authentication. The code is supposed to be a JWT that authenticates a user temporarily with limited access to complete this process. Normally, password reset is done before the user is authenticated, which explains why we see the 403 error.
Hi, I face the same issue and I am able to resolve it with the below step.
That seems to work fine now, thanks for helping out. Am I the only one who finds the token to be cumbersome? Would it be enough for it to be a simple OTP of say 8 digits or something of that nature?
The best way to reset a password is to have a one-time-use token. Strapi has done that internally, so it is good to use the inbuilt API.
I am not sure I followed,
"Strapi has done that internally, so it is good to use the inbuilt API" means Strapi has a reset password API, so we don't have to do overhead work for the user to have reset password. So it's best to use the Strapi inbuilt API.
Ah that is what you meant, gotcha. That part definitely works well. Please see my previous riposte, it is updated with more information. In a nutshell, all I am saying is that the token could be much shorter.
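Added example (not code from Strapi or from any commenter in this thread): one way a short numeric reset code like the 8-digit OTP floated above can be made safe to accept, by pairing it with CSPRNG generation, hashed storage, expiry, an attempt cap and single use. The function names, the in-memory store and the limits are assumptions for illustration.

```javascript
const crypto = require('crypto');

const CODE_DIGITS = 8;            // assumption: the length floated in the thread
const TTL_MS = 10 * 60 * 1000;    // assumption: 10-minute lifetime
const MAX_ATTEMPTS = 5;           // assumption: guesses allowed per issued code

// Hypothetical in-memory store: email -> { hash, expires, attempts }
const pending = new Map();

// Bind the code to the account so a hash cannot be replayed for another user.
const hashCode = (email, code) =>
  crypto.createHash('sha256').update(`${email}:${code}`).digest();

// Issue a code from the CSPRNG; only its hash is kept server-side.
function issueResetCode(email, now = Date.now()) {
  const code = crypto.randomInt(0, 10 ** CODE_DIGITS)
    .toString().padStart(CODE_DIGITS, '0');
  pending.set(email, { hash: hashCode(email, code), expires: now + TTL_MS, attempts: 0 });
  return code; // delivered out of band (email/SMS), never logged
}

// Returns 'ok', 'invalid', 'expired' or 'locked'.
function redeemResetCode(email, code, now = Date.now()) {
  const entry = pending.get(email);
  if (!entry) return 'invalid';
  if (now > entry.expires) { pending.delete(email); return 'expired'; }
  if (entry.attempts >= MAX_ATTEMPTS) return 'locked'; // stays locked until reissue
  entry.attempts += 1;
  // Both buffers are 32-byte SHA-256 digests, so timingSafeEqual cannot throw.
  const match = crypto.timingSafeEqual(entry.hash, hashCode(email, String(code)));
  if (!match) return 'invalid';
  pending.delete(email); // single use
  return 'ok';
}

// Chance of guessing one issued code within the attempt cap.
function guessProbability(digits = CODE_DIGITS, attempts = MAX_ATTEMPTS) {
  return attempts / 10 ** digits;
}
```

Without the attempt cap and expiry, an 8-digit code has only 10^8 possible values, which is why a long random token tolerates unlimited guessing and a short code does not.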
Thank you for reporting this issue. It's an easy issue to fix.
Signed-off-by: Jim LAURIE <j.laurie6993@gmail.com>
Signed-off-by: Jim LAURIE <j.laurie6993@gmail.com> Signed-off-by: harimkims <harimkims@gmail.com>
Hello! Can you please create a new GitHub issue by using the GitHub issue template, providing all required information. Your issue looks related to that topic but it's an old one. Using another thread (GitHub issue) will be able to manage your case. Thank you and have a good day.
Hi @bsakweson, I am currently looking for a solution to send a shorter reset code, like 6 digits or an OTP SMS using Firebase. Have you found any solution for it? Also @richardgrey, you mean Strapi has the forgotPassword() API for it, so we have options to customize it? Do you have any instructions to change the API flow which help us to customise the reset code from Strapi or using third party code like OTP SMS Firebase?
Hi @bsakweson, I found a temporary solution that we can customize this line
How can I have access to the code from the email?
Hi @Ejazkhan999 your screenshot shows an invalid URL :) it's repeat
Hello. Could somebody explain to me how to change the password for the Strapi login? I have checked resetpassword under user-permissions. But where do I change the password now?
@mickhah these docs should explain to you how to implement reset & forgot password: https://strapi.io/documentation/developer-docs/latest/development/plugins/users-permissions.html#forgotten-reset-password
Describe the bug
Reset Password permission is disabled by default. So you can send an email for a password reset but can't actually reset it.
Steps to reproduce the behavior
/auth/forgot-password { email: 'some@email.com' }
/auth/reset-password { code: 'codeFromEmail', password: 'newPassword', ... }
Forbidden 403
Expected behavior
Password reset successfully.
System
Additional context
I've debugged the code a little and I guess the issue is related to #5655 (Change Password was renamed to Reset Password) and especially to the following code: https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/services/UsersPermissions.js#L25
Changing changepassword to resetpassword might resolve the issue.