• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5850: ResetPassword/ChangePassword combo "Oops: we could not recognize you"

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Urgent Closed   patch 4.2.1

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

NB you must be logged out to reproduce this!

I'm using TemplateLogin, and HtPasswdUser.

Performing a ResetPassword immediately followed by a ChangePassword brings up the login screen with

Oops: we could not recognize you. Try again or reset your password.

There's nothing out of the ordinary in the logs.

If you then enter your automatically generated password in the login Oops form, you then get:

Missing Fields

** username fields are required.

Please go back in your browser and try again.

However, after this point you are actually logged in, using the automatically generated password.

The user is in TWikiUsers, and this happens even if I reset a known working account.

If you instead ResetPassword, then log in normally with the auto-generated password (rather than via ChangePassword), then use ChangePassword, it works correctly.

-- TWiki:Main/EllisPritchard - 30 Jul 2008

Here's the complete HTTP log:

http://development2.wiley.co.uk/twiki/bin/manage/TWiki/WebHome

POST /twiki/bin/manage/TWiki/WebHome HTTP/1.1
Host: development2.wiley.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://development2.wiley.co.uk/twiki/bin/view/TWiki/ChangePassword
Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411
Content-Type: application/x-www-form-urlencoded
Content-Length: 135
username=EllisPritchard&oldpassword=983847554&password=newpassword&passwordA=newpassword&TopicName=ChangePassword&action=changePassword
HTTP/1.x 302 Moved
Date: Wed, 30 Jul 2008 11:34:03 GMT
Server: Apache/2.0.54 (Unix) DAV/2 PHP/4.4.2 mod_sar/1.1
Set-Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411; path=/
Location: /twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
----------------------------------------------------------
http://development2.wiley.co.uk/twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae

GET /twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae HTTP/1.1
Host: development2.wiley.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://development2.wiley.co.uk/twiki/bin/view/TWiki/ChangePassword
Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411

HTTP/1.x 200 OK
Date: Wed, 30 Jul 2008 11:34:05 GMT
Server: Apache/2.0.54 (Unix) DAV/2 PHP/4.4.2 mod_sar/1.1
Set-Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------
http://development2.wiley.co.uk/twiki/bin/login/TWiki/WebHome

POST /twiki/bin/login/TWiki/WebHome HTTP/1.1
Host: development2.wiley.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://development2.wiley.co.uk/twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae
Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411
Content-Type: application/x-www-form-urlencoded
Content-Length: 183
username=EllisPritchard&password=983847554&oldpassword=983847554&passwordA=newpassword&TopicName=ChangePassword&action=changePassword&origurl=%2Ftwiki%2Fbin%2Fmanage%2FTWiki%2FWebHome
HTTP/1.x 302 Moved
Date: Wed, 30 Jul 2008 11:34:15 GMT
Server: Apache/2.0.54 (Unix) DAV/2 PHP/4.4.2 mod_sar/1.1
Set-Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411; path=/
Location: /twiki/bin/manage/TWiki/WebHome?twiki_redirect_cache=c9198768bb9e31d8f51c7b4bb53deb8b
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
----------------------------------------------------------
http://development2.wiley.co.uk/twiki/bin/manage/TWiki/WebHome?twiki_redirect_cache=c9198768bb9e31d8f51c7b4bb53deb8b

GET /twiki/bin/manage/TWiki/WebHome?twiki_redirect_cache=c9198768bb9e31d8f51c7b4bb53deb8b HTTP/1.1
Host: development2.wiley.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://development2.wiley.co.uk/twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae
Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411

HTTP/1.x 302 Moved
Date: Wed, 30 Jul 2008 11:34:16 GMT
Server: Apache/2.0.54 (Unix) DAV/2 PHP/4.4.2 mod_sar/1.1
Set-Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411; path=/
Location: http://development2.wiley.co.uk/twiki/bin/oops/TWiki/WebHome?oldpassword=983847554;passwordA=newpassword;TopicName=ChangePassword;action=changePassword;template=oopsattention;def=missing_fields;param1=username;template=oopsattention;def=missing_fields;param1=username
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
----------------------------------------------------------
http://development2.wiley.co.uk/twiki/bin/oops/TWiki/WebHome?oldpassword=983847554;passwordA=newpassword;TopicName=ChangePassword;action=changePassword;template=oopsattention;def=missing_fields;param1=username;template=oopsattention;def=missing_fields;param1=username

GET /twiki/bin/oops/TWiki/WebHome?oldpassword=983847554;passwordA=newpassword;TopicName=ChangePassword;action=changePassword;template=oopsattention;def=missing_fields;param1=username;template=oopsattention;def=missing_fields;param1=username HTTP/1.1
Host: development2.wiley.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://development2.wiley.co.uk/twiki/bin/login/TWiki/WebHome?twiki_redirect_cache=8af5e6722041e04c25187326b08dc7ae
Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411

HTTP/1.x 200 OK
Date: Wed, 30 Jul 2008 11:34:17 GMT
Server: Apache/2.0.54 (Unix) DAV/2 PHP/4.4.2 mod_sar/1.1
Set-Cookie: TWIKISID=81590dfe7e85df167aa79cd612b8a411; path=/
Content-Length: 5449
Connection: close
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------

TWiki:Main.EllisPritchard

I have confirmed that both ApacheLogin and TemplateLogin handles reset password correctly.

  • Reset password
  • Change password first asks for you to login. Not on an oops screen but with login
  • Once authenticated you will need to again fill out the username, old password, and twice new password.
  • New password works

I remember we fixed something around this but I cannot remember if it was before or after the 4.2.0 release. One thing which is actually not very elegant was to require authentication of the ChangePassword topic. Here you need to authenticate with the new password you received by email.

-- TWiki:Main.KennethLavrsen - 30 Jul 2008

Re-opening this

The original reporter had not described the error clear enough.

Everything works when you follow the link to the ChangePassword topic which you are presented with after reset password.

BUT

If you follow the link in the email which has a trailing ?username=loginname then it fails as described. That is clearly wrong.

Why is the ChangePassword topic password protected? I remember it as a work around for some poorly implemented code and it was never repaired.

It is bullocks that you have to authenticate twice to change your password.

In any case - I will as a 4.2.1 work around change the message you receive by email so it contains the generic ChangePassword URL without the ?username=

Then at least you do not end up with a bad authentication which is very very confusing.

-- TWiki:Main.KennethLavrsen - 31 Jul 2008

Current behaviour comes from Item5447

So my workaround seems only quick solution.

-- TWiki:Main.KennethLavrsen - 31 Jul 2008

Cleaned "WaitingFor" field.

-- TWiki:Main.GilmarSantosJr - 10 Aug 2008

ItemTemplate
Summary ResetPassword/ChangePassword combo "Oops: we could not recognize you"
ReportedBy TWiki:Main.EllisPritchard
Codebase 4.2.0
SVN Range TWiki-5.0.0, Sun, 27 Jul 2008, build 17148
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins TWikirev:17238 TWikirev:17239
TargetRelease patch
ReleasedIn 4.2.1
Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r8 - 2008-08-10 - GilmarSantosJr
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback