Bug #101581
closedfelogin gives "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure" on first login after password reset
100%
Description
Click 'Forgot your password' link, enter email address, click link in email received, set new password which meets the validation policy
When the new password is accepted the message is displayed
"1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."
Yet the login has succeeded as can be shown by reloading the login page and seeing the logout button.
This only occurs on the first login after a password rest, and only if using the login box shown immediately after the new password is set. If I reload the page, after setting the password but before logging in, then login is successful first attempt.
TYPO3 12.4.4, on Ubuntu 22.4 LTS with Plesk 18.0.53
Server set to "(GMT +01:00) Europe/London" and PHP setting date.timezone = Europe/London (no change if I comment this out).
Bug? User error??
Updated by Simon Child over 1 year ago
Apologies, error in the above
Where I said
- When the new password is accepted the message is displayed
- "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."
I omitted a step.
I should have said
- When the new password is accepted a login box is displayed
- When I enter email and new password the following is displayed "1554994253: The link you clicked is not valid. Please repeat the forgot password procedure."
Updated by Torben Hansen about 1 year ago
- Status changed from New to Needs Feedback
Do you have any redirects configured (e.g. Redirect by referer)?
Updated by Simon Child about 1 year ago
Thanks for the response. Yes I do have login redirects configured.
I wondered whether that was relevant and so before submitting the above I commented out the configuration for redirects and the problem continued.
I just tested again, commenting out all redirect configuration and clearing cache and still the problem was there. But then I found styles.content.loginform.redirectDisable and set that to 1. That resolved the problem logging in after password reset, but at the cost of losing the benefit of redirects on login.
So as you thought there appears to be some unwanted interaction between redirects being configured and logging in after password reset.
Updated by Simon Child about 1 year ago
I can fix this now, and reproduce it again.
- If I set the felogin flexform redirect configuration to referer only then the above error occurs.
- If I change that to getpost only then I do not get that error.
- Change it back to referer and the error recurs.
I have the following typoscript on my root page:
config {
typolinkLinkAccessRestrictedPages = 363
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###RETURN_URL###
}
plugin.tx_felogin_login.settings.redirectMode = getpost
Updated by Torben Hansen 5 months ago
- Related to Bug #104214: Broken redirect to referrer after changing password added
Updated by Gerrit Code Review 5 months ago
- Status changed from Needs Feedback to Under Review
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84925
Updated by Gerrit Code Review 5 months ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84925
Updated by Gerrit Code Review 5 months ago
Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/85195
Updated by Anonymous 5 months ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 007367dc0e1b0cfc1c07ca8d791dccefa66bff7c.