Bug #87349
Epic #92636 (closed): felogin bug collection
FELogin - password recovery / forgot link
0%
Description
The password forgot link is not correctly generated; the URL contains the following GET params:
```
tx_felogin_pi1%5Bforgothash%5D: 1546897690|4e485fd92fe2beebebf2f3b244e94371
tx_felogin_pi1%5Buser%5D: 123
cHash: 6de0887c9d906f020ca766f7c8067c03
```
Therefore sysext/felogin/Classes/Controller/FrontendLoginController.php:181 is never reached:
```php
177: // What to display
178: $content = '';
179: if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
180:     $content .= $this->showForgot();
181: } elseif ($this->piVars['forgothash']) {
182:     $content .= $this->changePassword();
183: } else {
184:     if ($this->userIsLoggedIn && !$this->logintype) {
185:         $content .= $this->showLogout();
186:     } else {
187:         $content .= $this->showLogin();
188:     }
189: }
```
If I modify it so that the URL gets correctly encoded, then the cHash comparison fails.
Updated by Nico de Haen almost 6 years ago
I don't get your point:
If the condition $this->piVars['forgot'] is wrong (or NULL) then the condition $this->piVars['forgothash'] is evaluated (which is true in your example) so line 182 will be executed...
Updated by Nico de Haen almost 6 years ago
- Related to Bug #87664: fe_login password reset link is double encoded added
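The effect of a double-encoded reset link on the branch quoted in the description, as an added example that is not part of the original ticket and is not TYPO3 code. It assumes the parameter names reach PHP as `tx_felogin_pi1%255Bforgothash%255D` (double encoded, as the related bug's title suggests); `feloginPiVars`, `dispatch` and `doubleEncodedNames` are hypothetical helpers, and `dispatch` is a simplified mirror of lines 179-189.

```php
<?php
// Added example, not TYPO3 code. The hash value is the one quoted in the description.

/** Return the tx_felogin_pi1 array PHP builds from a raw query string. */
function feloginPiVars(string $query): array
{
    parse_str($query, $get); // PHP percent-decodes names and values exactly once
    $piVars = $get['tx_felogin_pi1'] ?? [];
    return is_array($piVars) ? $piVars : [];
}

/** Simplified mirror of the branch order in lines 179-189 (logout branch omitted). */
function dispatch(array $piVars, bool $showForgotLink = true): string
{
    if (!empty($piVars['forgot']) && $showForgotLink) {
        return 'showForgot';
    }
    if (!empty($piVars['forgothash'])) {
        return 'changePassword';
    }
    return 'showLogin';
}

/** Parameter names that still contain a percent escape after one decode. */
function doubleEncodedNames(string $query): array
{
    parse_str($query, $get);
    return array_values(array_filter(
        array_keys($get),
        static function ($name) {
            return preg_match('/%[0-9A-Fa-f]{2}/', (string)$name) === 1;
        }
    ));
}

$value  = rawurlencode('1546897690|4e485fd92fe2beebebf2f3b244e94371');
// Constructed query strings: brackets encoded once (%5B) and twice (%255B).
$single = 'tx_felogin_pi1%5Bforgothash%5D=' . $value . '&tx_felogin_pi1%5Buser%5D=123';
$double = 'tx_felogin_pi1%255Bforgothash%255D=' . $value . '&tx_felogin_pi1%255Buser%255D=123';

foreach (['single' => $single, 'double' => $double] as $label => $query) {
    printf("%s: %s, still-encoded names: %s\n",
        $label, dispatch(feloginPiVars($query)), json_encode(doubleEncodedNames($query)));
}
```

With the singly encoded names PHP builds the nested `tx_felogin_pi1` array and the `forgothash` branch is taken; with the doubly encoded names the keys stay flat strings, `piVars` is empty, and the login form is shown instead of the change-password form.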
Updated by Patrick Lenk almost 6 years ago
Since the upgrade to 9.5 of my installations, the reset link in the user emails looks like this:
https://www.mydomain.local/25%7C5a5b6599d6664664bf2eac0412eba416&tx_felogin_pi1%5Buser%5D=14&cHash=35a87a1d4786223d382a77d1ce227fe9
This link goes to the 404 page. I have no route enhancers for felogin yet and the configuration is like in 8.7. The login form is on the root page and on a subpage.
With these route enhancers:
```yaml
PasswordForgot:
  type: Plugin
  limitToPages:
    - 1
    - 23
  namespace: 'tx_felogin_pi1'
  routePath: '/password-forgot/{forgot}'
PasswordReset:
  type: Plugin
  limitToPages:
    - 1
    - 23
  namespace: tx_felogin_pi1
  routePath: '/password-reset/{forgothash}/{user}'
```
The link looks like this: https://www.mydomain.local/73f7c4dbdaf0d8be8a6a/14/?cHash=8b62bcdc86249c817751f000725c1f6d
and also goes to the 404 page.
I think there is a bug with felogin and site handling. Or can anybody give me a source to correct felogin route enhancers?
Updated by Vasyl Mosiychuk over 5 years ago
This is my configuration:
```yaml
routeEnhancers:
  ForgotPassword:
    type: Plugin
    limitToPages: [1]
    namespace: 'tx_felogin_pi1'
    routePath: '/forgot/password/{forgot}'
    defaults:
      forgot: '1'
    requirements:
      forgot: '^[1]{1}$'
  ResetPassword:
    type: Plugin
    limitToPages: [1]
    namespace: 'tx_felogin_pi1'
    routePath: '/reset/password/{forgothash}/{user}'
    requirements:
      forgothash: '^[a-zA-Z0-9%]$'
      user: '[0-9]{1..3}'
```
I get these URLs:
`https://www.mydomain.local/user/profile/login/forgot/password/1?cHash=ec0225deb7dbb47bbe939638f78cdc5d`
`https://www.mydomain.local/user/profile/login/reset/password/73f7c4dbdaf0d8be8a6a/1?cHash=8b62bcdc86249c817751f000725c1f6d`
...and it works. I do not get a 404 error.
...but I have another problem with `cHash=....`: I always get it as `..?cHash=....` and not as `../.../`
For example, this is what I need:
`https://www.mydomain.local/user/profile/login/forgot/password/1/ec0225deb7dbb47bbe939638f78cdc5d`
`https://www.mydomain.local/user/profile/login/reset/password/73f7c4dbdaf0d8be8a6a/1/8b62bcdc86249c817751f000725c1f6d`
...even if I add another configuration:
```yaml
routeEnhancers:
  ForgotPassword:
    type: Plugin
    limitToPages: [1]
    namespace: 'tx_felogin_pi1'
    routePath: '/forgot/password/{forgot}/{hash}'
    defaults:
      forgot: '1'
    requirements:
      forgot: '^[1]{1}$'
      hash: '^[a-zA-Z0-9]{32}$'
  ResetPassword:
    type: Plugin
    limitToPages: [1]
    namespace: 'tx_felogin_pi1'
    routePath: '/reset/password/{forgothash}/{user}/{hash}'
    requirements:
      forgothash: '^[a-zA-Z0-9%]$'
      user: '[0-9]{1..3}'
      hash: '^[a-zA-Z0-9]{32}$'
```
...after this I get URLs like these:
`https://www.mydomain.local/user/profile/login?tx_felogin_pi1%5Bforgot%5D=1&cHash=ec0225deb7dbb47bbe939638f78cdc5d`
and
`https://www.mydomain.local/user/profile/login?tx_felogin_pi1%5Bforgothash%5D=1552985686%7Ca90f54764cdb5a81cf8804999368fdd6&tx_felogin_pi1%5Buser%5D=1&cHash=d1c604f5fbdc330a9167828763f3bdc7`
Updated by Patrick Lenk almost 5 years ago
Patrick no-lastname-given wrote:
Since the upgrade to 9.5 of my installations, the reset link in the user emails looks like this:
https://www.mydomain.local/25%7C5a5b6599d6664664bf2eac0412eba416&tx_felogin_pi1%5Buser%5D=14&cHash=35a87a1d4786223d382a77d1ce227fe9
This link goes to the 404 page. I have no route enhancers for felogin yet and the configuration is like in 8.7. The login form is on the root page and on a subpage.
With these route enhancers:
[...]
The link looks like this:
https://www.mydomain.local/73f7c4dbdaf0d8be8a6a/14/?cHash=8b62bcdc86249c817751f000725c1f6d
and also goes to the 404 page.
I think there is a bug with felogin and site handling. Or can anybody give me a source to correct felogin route enhancers?
related to https://forge.typo3.org/issues/89960
Updated by Riccardo De Contardi almost 5 years ago
- Related to Bug #89960: Frontend login password reset link incorrect if feloginBaseURL is set and site configuration is used added
Updated by Georg Ringer almost 5 years ago
- Related to Task #90729: Migrate Felogin mail to FluidEmail added
Updated by Torben Hansen 9 months ago
- Status changed from New to Closed
This ticket is related to an issue in the legacy plugin of ext:felogin. Since there is no community support for this plugin any more since TYPO3 11.5, the issue will not be fixed. I will therefore close the ticket now.