Password reset button broken #4352

Closed
typorian opened this issue Apr 14, 2017 · 4 comments

typorian commented Apr 14, 2017

Steps to reproduce

  1. Generate password reset link
  2. Click on link in the mail
  3. Type in new password
  4. Press "reset" button

Expected behaviour

Password should be reset

Actual behaviour

Nothing

Server configuration

Operating system:
debian 8.7 jessie
Web server:
apache2
Database:
mysql Ver 14.14 Distrib 5.5.54, for debian-linux-gnu (x86_64) using readline 6.3
PHP version:
php 7.0
Nextcloud version: (see Nextcloud admin page)
11.02 (stable)
Updated from an older Nextcloud/ownCloud or fresh install:
updated from previous stable
Where did you install Nextcloud from:
debian image with nextcloud provided by hosting provider
Signing status:

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.
No errors have been found.

List of activated apps:

activity, gallery, contacts, calendar, gpxpod, gpxedit, tasks, collabora CODE

Enabled:

  • activity: 2.4.1
  • admin_audit: 1.1.0
  • admin_notifications: 1.0.0
  • calendar: 1.5.2
  • comments: 1.1.0
  • contacts: 1.5.3
  • dav: 1.1.1
  • federatedfilesharing: 1.1.1
  • federation: 1.1.1
  • files: 1.6.1
  • files_downloadactivity: 1.0.1
  • files_pdfviewer: 1.0.1
  • files_sharing: 1.1.1
  • files_texteditor: 2.2
  • files_trashbin: 1.1.0
  • files_versions: 1.4.0
  • files_videoplayer: 1.0.0
  • firstrunwizard: 2.0
  • gallery: 16.0.0
  • gpxedit: 0.0.5
  • gpxpod: 2.1.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.0.0
  • nextcloud_announcements: 1.0
  • notifications: 1.0.1
  • password_policy: 1.1.0
  • provisioning_api: 1.1.0
  • richdocuments: 1.1.25
  • serverinfo: 1.1.1
  • sharebymail: 1.0.1
  • survey_client: 0.1.5
  • systemtags: 1.1.3
  • tasks: 0.9.5
  • templateeditor: 0.2
  • theming: 1.1.1
  • twofactor_backupcodes: 1.0.0
  • updatenotification: 1.1.1
  • workflowengine: 1.1.1

Disabled:

  • encryption
  • external
  • files_accesscontrol
  • files_automatedtagging
  • files_external
  • files_retention
  • user_external
  • user_ldap
  • user_saml

Nextcloud configuration:

Config report

{
  "system": {
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
      "localhost",
      "REMOVED SENSITIVE VALUE",
      "REMOVED SENSITIVE VALUE",
      "REMOVED SENSITIVE VALUE"
    ],
    "datadirectory": "/var/nextclouddata/data",
    "appstoreurl": "https://apps.nextcloud.com/api/v0",
    "overwrite.cli.url": "http://localhost",
    "dbtype": "mysql",
    "version": "11.0.2.7",
    "dbname": "nextcloud",
    "dbhost": "localhost",
    "dbtableprefix": "oc_",
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "logtimezone": "UTC",
    "installed": true,
    "default_language": "de",
    "auth.bruteforce.protection.enabled": true,
    "instanceid": "REMOVED SENSITIVE VALUE",
    "updater.release.channel": "stable",
    "maintenance": false,
    "theme": "",
    "logtype": "owncloud",
    "logfile": "/var/log/nextcloud.log",
    "loglevel": 0,
    "appstore.experimental.enabled": true,
    "mail_from_address": "info",
    "mail_smtpmode": "sendmail",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "mail_smtpsecure": "tls",
    "mail_smtpauthtype": "PLAIN",
    "mail_smtpauth": 1,
    "mail_smtphost": "REMOVED SENSITIVE VALUE",
    "mail_smtpname": "REMOVED SENSITIVE VALUE",
    "mail_smtppassword": "REMOVED SENSITIVE VALUE"
  }
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser:
chrome/firefox
Operating system:
fedora linux

Logs

Web server error log

[Fri Apr 14 10:38:12.241769 2017] [mpm_prefork:notice] [pid 28702] AH00169: caught SIGTERM, shutting down
[Fri Apr 14 10:38:13.409503 2017] [mpm_prefork:notice] [pid 28826] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Apr 14 10:38:13.409580 2017] [core:notice] [pid 28826] AH00094: Command line: '/usr/sbin/apache2'

cat nextcloud.access.log | grep pass

REMOVED SENSITIVE VALUE - - [14/Apr/2017:10:31:28 +0200] "GET /core/js/lostpassword.js?v=REMOVED SENSITIVE VALUE HTTP/1.1" 200 1843 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
REMOVED SENSITIVE VALUE- - [14/Apr/2017:10:38:32 +0200] "GET /core/js/lostpassword.js?v=REMOVED SENSITIVE VALUE HTTP/1.1" 200 2009 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
REMOVED SENSITIVE VALUE- - [14/Apr/2017:15:40:24 +0200] "GET /core/js/lostpassword.js?v=REMOVED SENSITIVE VALUE HTTP/1.1" 200 2009 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
REMOVED SENSITIVE VALUE - - [14/Apr/2017:15:40:31 +0200] "POST /index.php/lostpassword/email HTTP/1.1" 200 971 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
REMOVED SENSITIVE VALUE - - [14/Apr/2017:15:40:57 +0200] "GET /index.php/lostpassword/reset/form/REMOVED SENSITIVE VALUE HTTP/1.1" 200 8189 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

Nextcloud log (data/nextcloud.log)

{"reqId":"REMOVED SENSITIVE VALUE","remoteAddr":"REMOVED SENSITIVE VALUE","app":"core","message":"Sent mail to "Array\n(\n [REMOVED SENSITIVE VALUE] => REMOVED SENSITIVE VALUE\n)\n" with subject "Nextcloud password reset"","level":0,"time":"2017-04-14T13:40:32+00:00","method":"POST","url":"/index.php/lostpassword/email","user":"--","version":"11.0.2.7"}

Browser log

Mixed Content: The page at 'https://nextcloud.***REMOVED SENSITIVE VALUE***/index.php/lostpassword/reset/form/***REMOVED SENSITIVE VALUE***' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://nextcloud.***REMOVED SENSITIVE VALUE***/index.php/lostpassword/set/***REMOVED SENSITIVE VALUE***'. This endpoint should be made available over a secure connection.

@MorrisJobke (Member)

Anything in the webdev tools of your browser? Any JS errors or something like that?

@typorian (Author)

@MorrisJobke I added it under browser logs, didn't find it before. I think it tries to set the password over http and somehow fails because of that.

@MorrisJobke (Member)

"overwrite.cli.url": "http://localhost",

Set this properly - maybe it helps.

@typorian (Author)

typorian commented Apr 14, 2017

Thank you @MorrisJobke
It was not the exact problem you pointed out, but I solved it by adding
'overwriteprotocol' => 'https',
as instructed in the NC manual here
