Ticket #5548 (closed Bug: fixed)

Opened 8 years ago

Last modified 4 years ago

Redirected to wrong page ("pwreset_finish") when logging in immediately after resetting password

Reported by: comptekki Owned by: smcmahon
Priority: minor Milestone: 4.0
Component: JavaScript Version:
Keywords: loginresettool login overlay Cc: comptekki@…, esteele

Description

When I request a password wih passwordresetool and log in and set the Password, I get:

Password set

Your password has been set successfully. You may now log in with your new password.

But then I log in and see the same thing:

Password set

Your password has been set successfully. You may now log in with your new password.

Should this say "You are log in now" or something and not the reset password stuff?

Change History

comment:1 Changed 8 years ago by hannosch

  • Milestone changed from 2.5 to 2.5.x

comment:2 Changed 7 years ago by alecm

Please clarify, I don't understand.

comment:3 Changed 7 years ago by limi

  • Status changed from new to closed
  • Resolution set to invalid

No feedback, closing.

comment:4 Changed 7 years ago by hannosch

  • Milestone changed from 2.5.x-old to 2.5.3

Milestone 2.5.x-old deleted

comment:5 Changed 7 years ago by ethomas

  • Status changed from closed to reopened
  • Type changed from enhancement to defect
  • Milestone changed from 2.5.3 to 3.0
  • Resolution invalid deleted
  • Summary changed from minor appearance issue to Redirected to wrong page when logging in immediately after resetting password

Initial report is correct, and is also true in Plone3 beta3.

After requesting a password reset, you are taken to the 'pwreset_finish' template, which says "Your password has been set successfully. You may now log in with your new password."

If you then attempt to login from the portlet on this very page, you will log in successfully, but you'll be redirected back to the 'pwreset_finish' template, which is confusing, since it still says "Your password has been set successfully. You may now log in with your new password."

I think the fix is simply to add 'pwreset_finish' to the list of values to ignore in the 'came_from' variable in CMFPlone/skins/plone_login/login_next.cpy

comment:6 Changed 7 years ago by andycat

Hi I can confirm that it is a problem for stock plone 2.5.3 / zope 2.9.6

As this old revision within PasswordResetTool shows (  http://dev.plone.org/collective/browser/PasswordResetTool/trunk/skins/PasswordReset?rev=23541 )

the fix (as mentioned above) is to update login_next.cpy

  if template_id in ['login', 'login_success', 'login_password', 'login_failed',
                       'login_form', 'logged_in', 'logged_out', 'registered',
                       'mail_password', 'mail_password_form', 'join_form',
                       'require_login', 'member_search_results','pwreset_finish']:

comment:7 Changed 7 years ago by hannosch

  • Owner changed from plonista to wichert
  • Status changed from reopened to new

comment:8 Changed 6 years ago by claytron

can we get this fix into the next release? It's just a matter of adding one string to that list. I've tested it locally with 3.0.2 and it works with the change mentioned above.

comment:9 Changed 6 years ago by claytron

just as a note: #5954 is the Plone 2.5.x ticket for this same issue

comment:10 Changed 6 years ago by kleist

This still happens (or is it again? i.e. regression?) with Plone 3.1.2 / Zope 2.10.6.

In my opinion, this ticket should be escalated to "major".

When a new Plone user, after _having_ logged in for the first time, is told...

Your password has been set successfully. You may now log in with your new password.

... he first becomes confused, then when finding out that he in fact _is_ logged in, a very bad first impression of Plone.

Please note that the fix suggested by ethomas/andycat _has_ been implemented ( http://dev.plone.org/collective/log/PasswordResetTool/trunk/skins/PasswordReset/login_next.cpy?rev=23541).

comment:11 Changed 6 years ago by hannosch

  • Status changed from new to closed
  • Resolution set to fixed

(In [21501]) Added 'pwreset_finish' to the ignore_came_from list in login_next.cpy. This closes #5548.

comment:12 Changed 6 years ago by hannosch

  • Milestone changed from 3.x to 4.0

I fixed this on CMFPlone trunk. If someone wants to backport it to the 3.1 branch feel free to do so.

comment:13 Changed 6 years ago by maurits

For the record: this has been backported to 3.1 by Michael Dunlap in r22000 as reported in #8356.

comment:14 Changed 5 years ago by hannosch

  • Component changed from Login and registration to Infrastructure

comment:15 Changed 4 years ago by kleist

  • Status changed from closed to reopened
  • Keywords 2.5beta2 removed
  • Summary changed from Redirected to wrong page when logging in immediately after resetting password to Redirected to wrong page ("pwreset_finish") when logging in immediately after resetting password
  • Resolution fixed deleted
  • Milestone changed from 5.0 to 4.0

Exactly this happens again with Plone 4 coredev ( http://svn.plone.org/svn/plone/buildouts/plone-coredev/branches/4.0) r30975

comment:16 Changed 4 years ago by wichert

  • Status changed from reopened to new
  • Cc esteele added
  • Owner wichert deleted

comment:17 Changed 4 years ago by kleist

Note: This only happens, if the "Log in" link in the upper right corner is used. Logging in from the left side portlet causes the correct behavior.

comment:18 Changed 4 years ago by kleist

This is odd: Now and then this happens, but not always. I've failed to see a pattern...

comment:19 Changed 4 years ago by maurits

  • Owner set to mj
  • Component changed from Infrastructure to Javascript

Just checked with Plone 3.3 and it works fine there.

Okay, this happens in Plone 4 because you are on the pwreset_finish page, you click login in the top right corner and this opens a kind of popup with javascript. You fill this in correctly, the popup disappears, your name appears in the top right corner, but you remain on the pwreset_finish page.

I have seen similar things when you register a user as admin in the Users and Groups panel. Most of that has been fixed but before some recent changes in plone.app.users the form could submit and a raised warning or error message was never displayed. Currently at least no portal messages, like 'User added' are displayed when submitting that javascript form. I have no idea where to start looking.

comment:20 Changed 4 years ago by smcmahon

  • Owner changed from mj to smcmahon

Looks like there needs to be special handling in the popup when starting at pwreset_finish.

comment:21 Changed 4 years ago by esteele

  • Keywords overlay added

comment:22 Changed 4 years ago by smcmahon

  • Status changed from new to assigned

comment:23 Changed 4 years ago by smcmahon

  • Status changed from assigned to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.