Reset password token is invalid #1865
Comments
There is a time limit on the token, how long passed between requesting and
trying to reset?
…On Sat, 6 Jan 2018, 9:53 pm Andrew Sidhu, ***@***.***> wrote:
Ombi build Version:
V 3.0.2564
Update Branch:
Open Beta
Media Server:
Plex
Media Server Version:
n/a
Operating System:
Ubuntu 17.10 Server
Ombi Applicable Logs (from /logs/ directory or the Admin page):
No logs applicable - no errors thrown
Problem Description:
If someone requests a password reset, the token attached is invalid and
they cannot reset the password
Reproduction Steps:
1. Request password reset
2. click link in email
3. try to reset password.
Was able to find the reason for it. The token is generated with characters that are unsafe for URL encoding. When a user clicks on a link that has click tracking attached to it (gmail.com, outlook, etc.), the tracking platform URI-encodes the string.
Example with Gmail:
Original Token:
Clicking the link in Gmail has it go through the Google click tracking URL, which encodes the URL:
As you can see, when the redirect finishes and takes you to the destination of the link, it doesn't unencode the token string, so you end up with the token:
which is invalid.
Solutions:
or
#1 is an easier solution IMO.
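The failure mode described in the comment above, as an added example (not Ombi's code and not taken from the thread): a token containing `+`, `/` or `=` no longer matches after a tracker percent-encodes it, while an unpadded base64url token passes through unchanged. The base64 token shape, the sample bytes and the tracker model built on `urllib.parse.quote` are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import quote


def standard_token(raw: bytes) -> str:
    """Standard base64 (assumed token shape): may contain '+', '/' and '='."""
    return base64.b64encode(raw).decode("ascii")


def urlsafe_token(raw: bytes) -> str:
    """Unpadded base64url: only A-Z, a-z, 0-9, '-' and '_'."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_urlsafe(token: str) -> bytes:
    """Restore the stripped padding and recover the raw token bytes."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def through_tracker(token: str) -> str:
    """Model of the redirect in the comment above: the tracker percent-encodes
    the token and the destination receives that string without decoding it."""
    return quote(token, safe="")


def survives_tracker(token: str) -> bool:
    """True if the token the app receives still equals the one it issued."""
    presented = through_tracker(token)
    return hmac.compare_digest(presented.encode(), token.encode())


# Constructed sample bytes, chosen so standard base64 yields '+', '/' and '='.
SAMPLE_RAW = bytes([0xFB, 0xFF, 0xBE, 0x01])

if __name__ == "__main__":
    for name, make in (("standard", standard_token), ("urlsafe", urlsafe_token)):
        issued = make(SAMPLE_RAW)
        print(f"{name:9} issued={issued!r} received={through_tracker(issued)!r} "
              f"valid={survives_tracker(issued)}")
    # Random tokens: the URL-safe form is unchanged by percent-encoding.
    assert all(survives_tracker(urlsafe_token(secrets.token_bytes(32)))
               for _ in range(1000))
```

Because the URL-safe alphabet is untouched by percent-encoding, the token stays valid however many times an intermediary re-encodes the link.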
Ombi build Version:
V 3.0.2564
Update Branch:
Open Beta
Media Server:
Plex
Media Server Version:
n/a
Operating System:
Ubuntu 17.10 Server
Ombi Applicable Logs (from /logs/ directory or the Admin page):
Problem Description:
If someone requests a password reset, the token attached is invalid and they cannot reset the password
Reproduction Steps: