Bug 30086 - Unable to reset password
Summary: Unable to reset password
Status: RESOLVED MOVED
Alias: None
Product: Websites
Classification: Unclassified
Component: identity.mageia.org (show other bugs)
Version: trunk
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Sysadmin Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-02-23 21:57 CET by Pierre Fortin
Modified: 2022-03-13 20:02 CET (History)
1 user (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Fortin 2022-02-23 21:57:17 CET 
Description of problem:  A couple months ago, I made a rookie mistake and lost ~600 saved passwords. Lots of pain since.
Anyway, trying to reset password on bugs and identity does not result in ability to logon to either.  Finally gave up and created a new account which works.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. request password reset
2. follow link on reset email
3. unable to logon; get wrong password.
Comment 1 sturmvogel 2022-02-24 08:36:16 CET 
Can you describe your procedure a little bit further? 

1. go to https://identity.mageia.org/forgot_password
2. Enter your Email from the original user
3. Recieve Email with PW-reset link
4. Follow the link and create a new PW
5. Login with new PW and old user Name

I setup a completeley new user and did the above procedure for him and it worked flawlessly.


(In reply to Pierre Fortin from comment #0)
> 3. unable to logon; get wrong password.

So please describe it a little bit further.
Comment 2 Pierre Fortin 2022-02-24 10:24:48 CET 
Did all that...  your steps 1-4. At step 5, I get the error.

Entered pf@pfortin.com (my long time email here) and got:
   Email sent.

   Operation was successful. Check your mail for password reset instructions.

From: noreply@mageia.org
To: pf@pfortin.com
Subject:   Mageia Identity Management - Forgotten password
Date: Thu, 24 Feb 2022 09:55:32 +0100
X-Spam-Level: 

Dear Pierre Fortin,
Your Mageia account has been requested to change the password. If you did not do this, or you do not want to change your password; you can just do nothing.
To reset your password, please follow the link below.
https://identity.mageia.org/forgot_password/confirm?secret=863A338E-954F-11EC-8E6C-B85037CFFBF4

Clicked this link ^^^^^

New password field has 15 dots; no idea what is in there, so I delete it, and insert new password in both fields.

Interesting...  I'm logged in as pfortin@pfortin.com as I'm doing the reset (on pf@pfortin.com) in another browser window. The reset is done on pf@pfortin.com; but the login screen displays pfortin@pfortin.com. Changed it to pf@ and login fails.

Switched to another userid and browser...  I can login to the new account.

Trying to change old account's password from here...

This userid/browser has never been used to access the old pf@ account.  Same problem... password change "appears" to have been accepted. In this case, the login fields were empty. Filled them in and login fails.  Any chance that account is locked out? 
https://www.golinuxhub.com/2014/08/how-to-check-lock-status-of-any-user/
Filip Komar 2022-02-25 22:48:53 CET

Assignee: atelier-bugs => sysadmin-bugs
CC: (none) => filip.komar

Comment 3 Pierre Fortin 2022-03-13 20:02:02 CET 
Closing. I have a new account; so abandoning old one.

Status: NEW => RESOLVED
Resolution: (none) => MOVED
Note You need to log in before you can comment on or make changes to this bug.