Cms: setPasswordPath doesn't work properly
Description
I set setPasswordPath in general.php as the following:
'setPasswordPath' => 'set-new-password',
However, a reset password link in an email is still the following:
https://example.com/actions/users/set-password?code=foo&id=bar
I think it should be https://example.com/set-new-password?code=foo&id=bar.
Additional info
- Craft version: Craft CMS 3.3.2
- PHP version: 7.2.22
- Database driver & version:
- Plugins & versions: MySQL 5.5.5
tinybeans
All 6 comments
The setPasswordPath docs state that this setting is for a _template path_, not a URI. So it’s currently working as expected.
However all similar *Path settings are URIs rather that template paths – setPasswordSuccessPath, verifyEmailSuccessPath, activateAccountSuccessPath, invalidUserTokenPath, loginPath, and logoutPath – so it does make sense that setPasswordPath should also be set to a URI as well.
brandonkelly
on 12 Sep 2019
Thank you for explaining, and I'm sorry for the misunderstanding.
I understood how to use setPasswordPath, and I confirmed it's properly working.
I think it's okay as is.
tinybeans
on 12 Sep 2019
I’ve gone ahead and changed this for Craft 3.4, so setPasswordPath will behave very similarly to loginPath, in that the setting doubles as both a URL route (to the users/set-password action) _and_ the template path that should be loaded by the action. So Set Password URLs will now look like http://mysite.com/set-password-path for users that don’t have Control Panel access.
I’ve also added a new verifyEmailPath config setting, so new email verification links can look pretty as well, rather than .../actions/users/verify-email.
To test, change your craftcms/cms requirement in composer.json to:
"require": {
"craftcms/cms": "3.4.x-dev#3013ab82874e59cbb7f2add9629c6855dce1db73 as 3.3.2",
"...": "..."
}
Then run composer update.
brandonkelly
on 12 Sep 2019
That's awesome! Thank you!
tinybeans
on 12 Sep 2019
@brandonkelly I'm having trouble with this in Craft 3.4.6.1.
I have the following setting in my config: 'setPasswordPath' => 'resetpassword'.
I also have a custom route: 'resetpassword' => ['template' => '_users/resetpassword'],
With the config setting added, navigating to /resetpassword throws a 400 Bad Request error. Request missing required param
The issue seems to relate to the following line in UserController.php.
$uid = Craft::$app->getRequest()->getRequiredParam('id');
If I comment out the setPasswordPath, my /resetpassword page works fine, but /setpassword still exists and throws the same error. I'd prefer this to be enabled and for /setpassword to throw a 404.
jsunsawyer
on 19 Feb 2020
@brandonkelly Please disregard my previous comment. First time setting up front-end user accounts. I was mixing up the forgot password and set password templates. It was expecting a set password template and I was pointing to the forgot password one.
jsunsawyer
on 19 Feb 2020
Related issues
richhayler
·
3Comments
davist11
·
3Comments
rynpsc
·
3Comments
bitboxfw
·
3Comments
brandonkelly
·
3Comments
Most helpful comment
I’ve gone ahead and changed this for Craft 3.4, so
setPasswordPathwill behave very similarly tologinPath, in that the setting doubles as both a URL route (to theusers/set-passwordaction) _and_ the template path that should be loaded by the action. So Set Password URLs will now look likehttp://mysite.com/set-password-pathfor users that don’t have Control Panel access.I’ve also added a new
verifyEmailPathconfig setting, so new email verification links can look pretty as well, rather than.../actions/users/verify-email.To test, change your
craftcms/cmsrequirement in composer.json to:Then run
composer update.