Project

General

Profile

Actions
Copy link

Bug #101581

open

felogin gives "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure" on first login after password reset

Added by Simon Child 10 months ago. Updated 7 months ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2023-08-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Click 'Forgot your password' link, enter email address, click link in email received, set new password which meets the validation policy

When the new password is accepted the message is displayed

"1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."

Yet the login has succeeded as can be shown by reloading the login page and seeing the logout button.

This only occurs on the first login after a password rest, and only if using the login box shown immediately after the new password is set. If I reload the page, after setting the password but before logging in, then login is successful first attempt.

TYPO3 12.4.4, on Ubuntu 22.4 LTS with Plesk 18.0.53

Server set to "(GMT +01:00) Europe/London" and PHP setting date.timezone = Europe/London (no change if I comment this out).

Bug? User error??

Actions
Copy link
 #1

Updated by Simon Child 10 months ago

Apologies, error in the above

Where I said

- When the new password is accepted the message is displayed
- "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."

I omitted a step.

I should have said

- When the new password is accepted a login box is displayed
- When I enter email and new password the following is displayed "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."
Actions
Copy link
 #2

Updated by Torben Hansen 9 months ago

  • Status changed from New to Needs Feedback

Do you have any redirects configured (e.g. Redirect by referer)?

Actions
Copy link
 #3

Updated by Simon Child 8 months ago

Thanks for the response. Yes I do have login redirects configured.

I wondered whether that was relevant and so before submitting the above I commented out the configuration for redirects and the problem continued.

I just tested again, commenting out all redirect configuration and clearing cache and still the problem was there. But then I found styles.content.loginform.redirectDisable and set that to 1. That resolved the problem logging in after password reset, but at the cost of losing the benefit of redirects on login.

So as you thought there appears to be some unwanted interaction between redirects being configured and logging in after password reset.

Actions
Copy link
 #4

Updated by Simon Child 7 months ago

I can fix this now, and reproduce it again.

  • If I set the felogin flexform redirect configuration to referer only then the above error occurs.
  • If I change that to getpost only then I do not get that error.
  • Change it back to referer and the error recurs.

I have the following typoscript on my root page:

config {
typolinkLinkAccessRestrictedPages = 363
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###RETURN_URL###
}

plugin.tx_felogin_login.settings.redirectMode = getpost

Actions
Copy link

Also available in: Atom PDF