Bug #488
closedProblems with the password resetting process
0%
Description
Joseph Lynch forgot his password and is having difficulty getting a new password. This is from his email to commons@gc.cuny.edu:
*Hi team, I'm trying to login, but my password wasn't working. So I tried
the password reminder and when I click on the link it just brings me
back to the login page with no new password prompts.
On 12/15/2010 11:35 AM, commons.gc.cuny.edu wrote:
Someone has asked to reset the password for the following site and username.
Username: joelynch
To reset your password visit the following address, otherwise just ignore this email and nothing will happen.
http://commons.gc.cuny.edu/wp-login.php?action=rp&key=hNC8ZwNoZRsIZya1pgV7&login=joelynch*
I tested this and ran into the same problem as Joe, but when I selected the URL attached to the email it did prompt another email which did give me my password.
Here was the exact process...
I selected "Lost Your Password" which took me to a page with the following information: "Please enter your username or e-mail address. You will receive a new password via e-mail." After I entered my username is said: "Check your e-mail for the confirmation link." (which contradicts the previous message). When I went into my email and selected the URL it took me to the login page which stated: "Check your e-mail for your new password." I then received an additional email with a new password.
I sent a follow up email to Joseph asking him to please select the URL in the email and see if that prompts another email with the password, but the process seems confusing. I'm still waiting from him to find out if he did indeed receive an additional email with his password and will update this ticket accordingly.
Thanks,
Sarah
Updated by Matt Gold over 13 years ago
- Status changed from New to Assigned
- Assignee set to Boone Gorges
- Target version set to 1.1.4
In fact, the "forgot password?" link no longer appears on the login page. it should.
Updated by Boone Gorges over 13 years ago
Can you clarify what needs to be done here? Just putting the Forgot Password link back on the login screen?
Updated by Sarah Morgano over 13 years ago
As an update, Joseph just reported that he never received the second "Your new password" email and still cannot access his account.
Updated by Boone Gorges over 13 years ago
- Status changed from Assigned to Resolved
The Lost Password link is readded to the login page in https://github.com/castiron/cac/commit/1c145be3307df7072e7c768652e420c0f5119ea5
I tested the password reset process on the production site and I found that it worked as expected:
1) Click 'Lost your password?' (or visit commons.gc.cuny.edu/wp-login.php?action=lostpassword)
2) Enter your username and submit. You get a new login screen with a message telling you to check your email
3) You get an email asking you to verify whether you were the one who initiated the password reset. Click the link in the email.
4) You are sent back to a login screen (which WP interprets as your confirming that you want your password reset) and are given a message to check your email for a new password
5) You get an email with the new password
This process in not entirely straighforward, but all the steps are for security reasons and cannot really be avoided. If you have suggestions for how the text (on-screen or email) might be changed to make it clearer, we can probably change that. (Though I suggest against too much wordiness. The WP messages are terse but accurate.)
If Joseph didn't get his new password email, there is a very high likelihood that it's in his spam folder, or that he got it but mistook it for a different email. The emails are being properly sent, according to my tests.
Marking this ticket as resolved. Sarah, please try walking Joseph through the reset process again (if he hasn't already figured it out). If you can confirm that something isn't working in the way I explain above, feel free to reopen the ticket.
Updated by Matt Gold over 13 years ago
It might also be worth pointing him to this ticket. I'm doing that more and more with members who have problems with the site.
Updated by Sarah Morgano over 13 years ago
I just sent Joseph a message with a link to this ticket. If the message is not in his spam folder I asked that he try the process one last time.
Best,
Sarah
Updated by Sarah Morgano over 13 years ago
It was in his junk folder, thanks for suggesting that. He also offered to send a message to the postmaster asking them to whitelist the "commons@gc.cuny.edu" and "no-reply@commons.gc.cuny.edu" addresses. Most helpful.
Best,
Sarah
Updated by Matt Gold over 13 years ago
Sarah - how are you doing on sending those notices out to campus IT depts? This reminds me that we really should try to finish that task soon.
Updated by Sarah Morgano over 13 years ago
I sent out a bunch of emails, but need to follow up -- especially because I didn't include the commons@gc.cuny.edu address in the original whitelist request. I will follow up before the holidays.
Best,
Sarah