Server: Error with external password link

Created on 23 Mar 2018  路  18Comments  路  Source: nextcloud/server

Expected behaviour

Open external portal for password change (LDAP)

Actual behaviour

JS Takeover the click instead opening a new window

Server configuration

Operating system:
Centos7

Web server:
Nginx
Database:
Mariadb 10.2
PHP version:
7.0
Nextcloud version: (see Nextcloud admin page)
13.0.1
Updated from an older Nextcloud/ownCloud or fresh install:
from 13.0.0

The override for an external site to reset the password won't work anymore:

 'lost_password_link' => 'https://reset.mysite.url',

The code generated is 


                <a id="lost-password" href="https://reset.irideos.it">
                    Forgot password?                </a>
                <a id="lost-password-back" href="" style="display:none;">
                    Back to log in              </a>

but the javascript override the click (href) asking for an username/email to reset the password.
Proceeding inserting those data causes the interface to reply a 'Password reset is disabled'

bug regression
Source
picture Koma-Andrea

Most helpful comment

https://youtu.be/P3V1wex7dtk

picture Koma-Andrea on 23 Mar 2018
👍2

All 18 comments

https://youtu.be/P3V1wex7dtk

Koma-Andrea picture Koma-Andrea on 23 Mar 2018
👍2

The issue is caused here: https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L49

If the user didn't enter something in the username/email field, the form is submitted (https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L67) on click on the forgot-password link. Only if the user entered something before clicking the link, the redirect to the proper page is done in javascript.

I think the if-construct here https://github.com/nextcloud/server/blob/master/core/js/lostpassword.js#L69 should be put before the check whether or not a username/email was entered.

kgw4it picture kgw4it on 10 Apr 2018
👍1

https://youtu.be/P3V1wex7dtk

@skjnldsv @juliushaertl @jancborchardt Didn't one of you revamped the lost password dialog to be not a page reload but rather a transition?

This seems not to work anymore with external password reset pages.

MorrisJobke picture MorrisJobke on 28 Jun 2018

Why was this issue closed? #10325 is a completely separate issue dealing with the absence of a password reset url, effectively disabling it.

This issue here is about properly utilizing the password reset link when the login form is empty.

piranhaphish picture piranhaphish on 14 Aug 2018
👍1

Requesting reopen

Koma-Andrea picture Koma-Andrea on 14 Aug 2018

I'm not sure i understand the issue here.
Wasn't it just that the link to external pass reset was not working?

skjnldsv picture skjnldsv on 17 Aug 2018

@skjnldsv Yes and doesn't look fixed by the pr

Koma-Andrea picture Koma-Andrea on 17 Aug 2018

@Koma-Andrea Let me try again :)

The link is present on the page on you instance, right? Just clicking have no effect, correct?

skjnldsv picture skjnldsv on 17 Aug 2018

You can view the esxact problem in my youtube video: https://www.youtube.com/watch?v=P3V1wex7dtk

I've added an url for the password reset but clicking on reset password instead of sending to the page request to insert an user.

Inserting an user and clicking reset password give you a 'Reset password disabled' (which actually is to prevent users logged in to try (and fail) to change their passwords).

Koma-Andrea picture Koma-Andrea on 17 Aug 2018

Ah ok, it's working on my instance though. (see gif, I used nextcloud.com as reset link)
But I need to fix the second part (which should not be accessible)

Are you on nextcloud 14?

peek 17-08-2018 15-35

skjnldsv picture skjnldsv on 17 Aug 2018

I can reproduce the problem with 13.0.5 but when i apply the patch from @skjnldsv pull request its fixed.

cd nextcloud
https://patch-diff.githubusercontent.com/raw/nextcloud/server/pull/10325.patch
patch -p1 < 10325.patch
./occ maintenance:repair

kesselb picture kesselb on 17 Aug 2018

This has been fixed in nc 14!
Though A backport can be great. Let me create one

skjnldsv picture skjnldsv on 17 Aug 2018
👍1

I'm on nc 14 and doesn'look fixed to me

Koma-Andrea picture Koma-Andrea on 17 Aug 2018

@Koma-Andrea I tried it again and it worked :/

skjnldsv picture skjnldsv on 17 Aug 2018

I've no test installation only the production one and I would like not to publish the production url if you can mail me I will send you the link and the actual configuration to demostrate you the contrary.

Koma-Andrea picture Koma-Andrea on 17 Aug 2018

@skjnldsv Not really. It was only not working when the login form was empty, resulting in the message "Password reset is disabled". #10325 didn't seem to be addressing that issue but something else.

However, that being said, i just retested and it seems that does resolve the issue. I guess I hadn't cleared the browser cache or something when I first tested the fix manually applied to my NC13 installation.

piranhaphish picture piranhaphish on 17 Aug 2018
👍1

@skjnldsv Reopen this one or have you already fixed it?

MorrisJobke picture MorrisJobke on 20 Aug 2018

@MorrisJobke all fixed

skjnldsv picture skjnldsv on 20 Aug 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

e-alfred picture e-alfred  路  3Comments
j-ed picture j-ed  路  3Comments
georgehrke picture georgehrke  路  3Comments
ThomasLeister picture ThomasLeister  路  3Comments
mfechner picture mfechner  路  3Comments