
Problem with reset password procedure

Former Member
0 Likes
1,931

Hi,

The reset password procedure doesn’t work properly. When a user tries to reset his password, sometimes the system doesn’t send the email with the procedure to do it. The only way to unlock this situation is for the customer/user to clear the browser cookies. After this procedure, the customer can do another password reset and finally receive the email.

The console log file:

 [hybrisHTTP48] [10.108.10.98] [RequireHardLoginEvaluator] missing secure token in session, login required
 INFO   | jvm 1    | main    | 2018/02/10 09:54:16.573 | ^[[m
 [hybrisHTTP48] [10.108.10.98] [PasswordResetPageController] Email: ff@gmail.com does not exist in the database.


We debugged the code and found that the method that goes into error is in: yacceleratorstorefront/web/src/com/ourgroup/storefront/controllers/pages/PasswordResetPageController.java

    @RequestMapping(value = "/request", method = RequestMethod.POST)
    public String passwordRequest(@Valid final ForgottenPwdForm form, final BindingResult bindingResult,
            final Model model) throws CMSItemNotFoundException {
        if (bindingResult.hasErrors()) {
            return ControllerConstants.Views.Fragments.Password.PasswordResetRequestPopup;
        } else {
            try {
                customerFacade.forgottenPassword(form.getEmail());
            } catch (final UnknownIdentifierException unknownIdentifierException) {
                // Unknown address: only logged; the response below is the same as on success.
                LOG.warn("Email: " + form.getEmail() + " does not exist in the database.");
            } catch (final ClassMismatchException classMismatchException) {
                LOG.warn("Email: " + form.getEmail() + " belongs to an user who isn't a customer.");
                return ControllerConstants.Views.Fragments.Password.ForgotPasswordErrorMessage;
            }
            return ControllerConstants.Views.Fragments.Password.ForgotPasswordValidationMessage;
        }
    }

The user exists and the mail is correct. The error is not replicable in our local environment. We tried to debug the code but the method described before looks correct and doesn’t catch an exception for subscribed users. We are not able to understand which component causes an error, and what the role of the cookies or the session is in this issue.

Thanks,

Federico
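
A triage aid for the question above, added here as an example (it is not part of the original post or of hybris): it scans console-log lines in the layout shown in the post and reports, for each reset request logged as "does not exist in the database", whether the same thread and client IP had logged a missing secure token beforehand. The function names, the address masking and every sample line other than the two quoted from the post are assumptions.

```python
import re
from collections import Counter

# Layout inferred from the two log lines in the post: [thread] [client IP] [logger] message
LINE = re.compile(r"\[(?P<thread>[^\]]+)\] \[(?P<ip>[\d.]+)\] \[(?P<logger>\w+)\] (?P<msg>.*)")
RESET_FAIL = re.compile(r"Email: (?P<email>\S+) does not exist in the database")
TOKEN_MISSING = "missing secure token in session"

def mask(email):
    """Keep the first character and the domain so reports do not copy full addresses."""
    local, _, domain = email.partition("@")
    return f"{local[:1]}***@{domain}" if domain else "***"

def correlate(lines):
    """One record per failed reset, flagged when the same thread and client IP
    logged a missing secure token since that pair's previous failed reset."""
    pending = set()  # (thread, ip) pairs with an unconsumed missing-token event
    records = []
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue  # wrapper-only lines, stack traces and similar
        key = (m["thread"], m["ip"])
        if m["logger"] == "RequireHardLoginEvaluator" and TOKEN_MISSING in m["msg"]:
            pending.add(key)
        elif m["logger"] == "PasswordResetPageController":
            fail = RESET_FAIL.search(m["msg"])
            if fail:
                records.append({"thread": key[0], "ip": key[1],
                                "email": mask(fail["email"]),
                                "stale_session": key in pending})
                pending.discard(key)
    return records

def summarize(records):
    """Count failed resets with and without a preceding missing-token warning."""
    return Counter("stale_session" if r["stale_session"] else "no_token_warning"
                   for r in records)

# First and third lines are from the post; the other two are constructed for the example.
SAMPLE = [
    " [hybrisHTTP48] [10.108.10.98] [RequireHardLoginEvaluator] missing secure token in session, login required",
    " INFO   | jvm 1    | main    | 2018/02/10 09:54:16.573 | ",
    " [hybrisHTTP48] [10.108.10.98] [PasswordResetPageController] Email: ff@gmail.com does not exist in the database.",
    " [hybrisHTTP12] [192.0.2.7] [PasswordResetPageController] Email: nobody@example.com does not exist in the database.",
]

if __name__ == "__main__":
    for record in correlate(SAMPLE):
        print(record)
    print(dict(summarize(correlate(SAMPLE))))
```

Pool threads are reused across requests, so a match on thread and IP is a lead to check against timestamps, not proof that the two lines belong to one request.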

Accepted Solutions (1)


VinayKumarS
Active Contributor
0 Likes

As per my understanding and analysis with the latest hybris 6.0 and above, your employee or customer uid and email id should be the same. When you are resetting the password, the email will be generated for the uid. Always try to keep the uid and email id the same to fix the issue.

Former Member
0 Likes

Thanks Vinay, the user mail (id) and the user uid are the same for every user. The reset password procedure works well but only if we delete our session data before.

VinayKumarS
Active Contributor
0 Likes

Oh. Then, before clicking the ResetPassword controller, put @RequiresHardLogin. Then if the session is expired and the user clicks on the reset password link, it will first ask for a login. Then the user can use forget password.

Former Member
0 Likes

Sounds good. But how can a user log in if he doesn't know the password? Does he only need to try to log in?

VinayKumarS
Active Contributor
0 Likes

In that case the user has to click on the forget password link, so that the email will be triggered to the registered email address.

Answers (1)


Huskar
Participant
0 Likes

May sound stupid, but check whether the user is disabled?

Former Member
0 Likes

Thanks Krishn, the user is enabled. The disable login is in false status.