https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052965#M403873 <P>Sounds good. But how a user can log in if he doesn't know the password? Does he only need to try to log in? </P> Tue, 17 Jul 2018 12:35:54 GMT Former Member 2018-07-17T12:35:54Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaq-p/12052958 <P>Hi,</P> <P>The reset password procedure doesn’t work properly. When a user tries to reset his password, sometimes the system doesn’t send the email with the procedure to do it. The only way to unlock this situation It is one in which the customer/user cleans the browser cookies. After this procedure, the customer can do another password reset and finally receive the email</P> <P><EM>The console log file:</EM></P> <PRE><CODE> [hybrisHTTP48] [10.108.10.98] [RequireHardLoginEvaluator] missing secure token in session, login required INFO | jvm 1 | main | 2018/02/10 09:54:16.573 | ^[[m [hybrisHTTP48] [10.108.10.98] [PasswordResetPageController] Email: ff@gmail.com does not exist in the database. </CODE></PRE> <P>We debug the code and found the method that goes into error is: <EM>yacceleratorstorefront/web/src/com/ourgroup/storefront/controllers/pages/PasswordResetPageController.java</EM></P> <PRE><CODE> @RequestMapping(value = "/request", method = RequestMethod.POST) public String passwordRequest(@Valid final ForgottenPwdForm form, final BindingResult bindingResult, final Model model) throws CMSItemNotFoundException { if (bindingResult.hasErrors()) { return ControllerConstants.Views.Fragments.Password.PasswordResetRequestPopup; } else { try { customerFacade.forgottenPassword(form.getEmail()); } catch (final UnknownIdentifierException unknownIdentifierException) { LOG.warn("Email: " + form.getEmail() + " does not exist in the database."); } catch (final ClassMismatchException classMismatchException) { LOG.warn("Email: " + form.getEmail() + " belongs to an user who isn't a customer."); return ControllerConstants.Views.Fragments.Password.ForgotPasswordErrorMessage; } return ControllerConstants.Views.Fragments.Password.ForgotPasswordValidationMessage; } } </CODE></PRE> <P>The user exists and the mail it's correct. The error is not replicable in our local environment. We tried to debug the code but the method described before looks correct and doesn’t catch an exception for subscribed users. <STRONG>We are not able to understand which component causes an error, and which is the role of the cookies or the session in this issue</STRONG>.</P> <P>Thanks,</P> <P>Federico</P> Thu, 12 Jul 2018 10:16:59 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaq-p/12052958 Former Member 2018-07-12T10:16:59Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052959#M403867 <P>May sound stupid but check wether user is disabled? </P> Thu, 12 Jul 2018 15:10:08 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052959#M403867 Huskar 2018-07-12T15:10:08Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052960#M403868 <P>As per my understanding and analysis with latest hybris 6.0 and above.. your employee or ustomer uid and email id should be same. when you are resetting the password the email will be generated for uid. always try to maintain the uid and email id are same to fix the issue. </P> Thu, 12 Jul 2018 15:23:57 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052960#M403868 VinayKumarS 2018-07-12T15:23:57Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052961#M403869 <P>Thanks Krishn, the user is enable. The disable login is in false status </P> Tue, 17 Jul 2018 10:30:36 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052961#M403869 Former Member 2018-07-17T10:30:36Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052962#M403870 <P>Thanks Vinay, the user mail (id) and the user uid are the same for every user. The reset password procedure works well but only if we delete our session data before. </P> Tue, 17 Jul 2018 10:34:53 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052962#M403870 Former Member 2018-07-17T10:34:53Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052963#M403871 <P>The reset password procedure works well but only if we delete our session data before. </P> Tue, 17 Jul 2018 10:35:14 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052963#M403871 Former Member 2018-07-17T10:35:14Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052964#M403872 <P>oh. Then before clicking the ResetPassword controller. Put @RequiresHardLogin. then if the session is expired. and user click on the reset password link. First it will ask for a login. Then user can use forget password. </P> Tue, 17 Jul 2018 11:58:50 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052964#M403872 VinayKumarS 2018-07-17T11:58:50Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052965#M403873 <P>Sounds good. But how a user can log in if he doesn't know the password? Does he only need to try to log in? </P> Tue, 17 Jul 2018 12:35:54 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052965#M403873 Former Member 2018-07-17T12:35:54Z https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052966#M403874 <P>In that case user has to click on the forget password link. so that the email will be triggered to registered email address. </P> Tue, 17 Jul 2018 13:04:37 GMT https://community.sap.com/t5/crm-and-cx-q-a/problem-with-reset-password-procedure/qaa-p/12052966#M403874 VinayKumarS 2018-07-17T13:04:37Z