Actual Behavior
Reset password does not work properly.
If someone makes a reset password request, request works and "passwordResetTokenEmailsSent" goes up to 3.
Even 48h after, passwordResetTokenEmailsSent stays at 3, so reset emails are not sent.
BUT, this number is never reset to 0, even if time interval (24h) is done.
Expected Behavior
passwordResetTokenEmailsSent should reset to 0 if a new request is made after 24h interval.
Steps to Reproduce
In admin login form :
Forgot password
Fill email/user
request password x>3 times
You should receive max 3 emails.
In database :
Change value of passwordResetTokenExpiresAt : subtract some days/months so expiresAt < Now DateTime
In admin login form :
Request password
You should not receive emails, because, when requesting, it generates a new token that expires in 24h BEFORE checking if your passwordResetTokenEmailsSent and passwordResetTokenExpiresAt. Then it checks these 2 values.
Of course, your newly generated token expires in 24h and your passwordResetTokenEmailsSent is still at 3, so you will not receive any email.
Possible Solutions
In \Sulu\Bundle\SecurityBundle\Controller\ResettingController::sendEmailAction, calling
$token = $this->generateTokenForUser($user);
then
$this->sendTokenEmail($user, $this->getSenderAddress($request), $email, $token);
Conditions are verified in \Sulu\Bundle\SecurityBundle\Controller\ResettingController::sendTokenEmail.
These conditions should be verified in generateTokenForUser and not in sendTokenEmail as generateTokenForUser updates values of the conditions and makes it irrelevant.
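The ordering problem reported above, as an added stand-alone example (not part of the original issue and not Sulu's code): it runs five requests in one window and then one more 48 hours later, once with the reported order and once with the order the issue proposes. Only the two property names come from the issue; `ResetState`, `issueToken`, `requestResetReported`, `requestResetProposed` and `MAX_EMAILS` are hypothetical names, and the timestamp is constructed.

```php
<?php
// Model of the flow in the issue; all names except the two properties are hypothetical.
const MAX_EMAILS = 3; // limit stated in the issue

final class ResetState
{
    public ?DateTimeImmutable $passwordResetTokenExpiresAt = null;
    public int $passwordResetTokenEmailsSent = 0;
}

function issueToken(ResetState $u, DateTimeImmutable $now): string
{
    $u->passwordResetTokenExpiresAt = $now->add(new DateInterval('PT24H')); // 24h lifetime
    return bin2hex(random_bytes(16));
}

// Reported order: the expiry is refreshed before the limit check reads it, so the
// check always sees a live window and the counter is never cleared.
function requestResetReported(ResetState $u, DateTimeImmutable $now): bool
{
    issueToken($u, $now);
    if ($u->passwordResetTokenExpiresAt > $now
        && $u->passwordResetTokenEmailsSent >= MAX_EMAILS) {
        return false; // limit reached, no email
    }
    $u->passwordResetTokenEmailsSent++;
    return true;
}

// Order proposed in the issue: judge the old window first, then touch the token.
function requestResetProposed(ResetState $u, DateTimeImmutable $now): bool
{
    $expiresAt = $u->passwordResetTokenExpiresAt;
    if ($expiresAt === null || $expiresAt <= $now) {
        $u->passwordResetTokenEmailsSent = 0; // previous window is over
    } elseif ($u->passwordResetTokenEmailsSent >= MAX_EMAILS) {
        return false; // refused without changing token or expiry
    }
    issueToken($u, $now);
    $u->passwordResetTokenEmailsSent++;
    return true;
}

$t0 = new DateTimeImmutable('2024-01-01 12:00:00'); // constructed timestamp
foreach (['requestResetReported', 'requestResetProposed'] as $fn) {
    $u = new ResetState();
    for ($i = 0; $i < 5; $i++) { $fn($u, $t0); } // five requests in one window
    $later = $fn($u, $t0->modify('+48 hours'));
    printf("%s: email sent 48h later = %s\n", $fn, var_export($later, true));
}
```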