Project

General

Profile

Actions

Bug #488

closed

Problems with the password resetting process

Added by Sarah Morgano almost 12 years ago. Updated almost 12 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
BuddyPress (misc)
Target version:
Start date:
2010-12-15
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Joseph Lynch forgot his password and is having difficulty getting a new password. This is from his email to :

*Hi team, I'm trying to login, but my password wasn't working. So I tried
the password reminder and when I click on the link it just brings me
back to the login page with no new password prompts.

On 12/15/2010 11:35 AM, commons.gc.cuny.edu wrote:

Someone has asked to reset the password for the following site and username.

http://commons.gc.cuny.edu/

Username: joelynch

To reset your password visit the following address, otherwise just ignore this email and nothing will happen.

http://commons.gc.cuny.edu/wp-login.php?action=rp&key=hNC8ZwNoZRsIZya1pgV7&login=joelynch*

I tested this and ran into the same problem as Joe, but when I selected the URL attached to the email it did prompt another email which did give me my password.

Here was the exact process...
I selected "Lost Your Password" which took me to a page with the following information: "Please enter your username or e-mail address. You will receive a new password via e-mail." After I entered my username is said: "Check your e-mail for the confirmation link." (which contradicts the previous message). When I went into my email and selected the URL it took me to the login page which stated: "Check your e-mail for your new password." I then received an additional email with a new password.

I sent a follow up email to Joseph asking him to please select the URL in the email and see if that prompts another email with the password, but the process seems confusing. I'm still waiting from him to find out if he did indeed receive an additional email with his password and will update this ticket accordingly.

Thanks,

Sarah

Actions #1

Updated by Matt Gold almost 12 years ago

  • Status changed from New to Assigned
  • Assignee set to Boone Gorges
  • Target version set to 1.1.4

In fact, the "forgot password?" link no longer appears on the login page. it should.

Actions #2

Updated by Boone Gorges almost 12 years ago

Can you clarify what needs to be done here? Just putting the Forgot Password link back on the login screen?

Actions #3

Updated by Sarah Morgano almost 12 years ago

As an update, Joseph just reported that he never received the second "Your new password" email and still cannot access his account.

Actions #4

Updated by Boone Gorges almost 12 years ago

  • Status changed from Assigned to Resolved

The Lost Password link is readded to the login page in https://github.com/castiron/cac/commit/1c145be3307df7072e7c768652e420c0f5119ea5

I tested the password reset process on the production site and I found that it worked as expected:
1) Click 'Lost your password?' (or visit commons.gc.cuny.edu/wp-login.php?action=lostpassword)
2) Enter your username and submit. You get a new login screen with a message telling you to check your email
3) You get an email asking you to verify whether you were the one who initiated the password reset. Click the link in the email.
4) You are sent back to a login screen (which WP interprets as your confirming that you want your password reset) and are given a message to check your email for a new password
5) You get an email with the new password

This process in not entirely straighforward, but all the steps are for security reasons and cannot really be avoided. If you have suggestions for how the text (on-screen or email) might be changed to make it clearer, we can probably change that. (Though I suggest against too much wordiness. The WP messages are terse but accurate.)

If Joseph didn't get his new password email, there is a very high likelihood that it's in his spam folder, or that he got it but mistook it for a different email. The emails are being properly sent, according to my tests.

Marking this ticket as resolved. Sarah, please try walking Joseph through the reset process again (if he hasn't already figured it out). If you can confirm that something isn't working in the way I explain above, feel free to reopen the ticket.

Actions #5

Updated by Matt Gold almost 12 years ago

It might also be worth pointing him to this ticket. I'm doing that more and more with members who have problems with the site.

Actions #6

Updated by Sarah Morgano almost 12 years ago

I just sent Joseph a message with a link to this ticket. If the message is not in his spam folder I asked that he try the process one last time.

Best,

Sarah

Actions #7

Updated by Sarah Morgano almost 12 years ago

It was in his junk folder, thanks for suggesting that. He also offered to send a message to the postmaster asking them to whitelist the "" and "" addresses. Most helpful.

Best,

Sarah

Actions #8

Updated by Boone Gorges almost 12 years ago

Great news! Thanks for the update!

Actions #9

Updated by Matt Gold almost 12 years ago

Sarah - how are you doing on sending those notices out to campus IT depts? This reminds me that we really should try to finish that task soon.

Actions #10

Updated by Sarah Morgano almost 12 years ago

I sent out a bunch of emails, but need to follow up -- especially because I didn't include the address in the original whitelist request. I will follow up before the holidays.

Best,

Sarah

Actions #11

Updated by Matt Gold almost 12 years ago

Great -- thank you, Sarah.

Actions

Also available in: Atom PDF