Bug in 'Reset password' function

Tobi
Bear Rating Trainee
Posts: 13
Joined: 17 Mar 2013, 19:35
Location: Hanover, Germany

Post by Tobi » 09 Mar 2014, 07:22

Hi,
I enabled OTP for my account. When I did a password reset for this account, I got an email with a new password. I used it to log in, but then the OTP form appeared. The problem here is that the OTP is "connected" with my old password and therefore it's not possible to log in with the new password I just got via mail. The old password doesn't work either (because it's reset to the new one I just got).

So when one is resetting his password, OTP should be disabled for this account temporarily.

fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia

Re: Bug in 'Reset password' function

Post by fox » 09 Mar 2014, 10:22

That's the problem though, isn't it? It can't just disable OTP if someone clicks on a publicly accessible link; that makes OTP more or less useless.

e: Actually, resetting the password should disable OTP (I'll fix this), but the whole mechanism of password reset should probably be changed so it would work differently.

Re: Bug in 'Reset password' function

Post by fox » 09 Mar 2014, 11:18

I've updated the password reset mechanism to send the user a temporary link first; when that is clicked, the password is actually reset (and OTP is disabled if needed).

Re: Bug in 'Reset password' function

Post by Tobi » 09 Mar 2014, 17:17

Sounds good. In this case, the user is able to log in with his old password (if it comes to his mind) + OTP even when he previously requested a new password.
I will have a look at this function when a new release is available. Thanks for your quick response and implementation!
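
The two-step flow discussed in this thread, as an added sketch that is not the project's code and not written by either poster: requesting a reset only issues a temporary token, and the password change and OTP disable happen only when that token is confirmed. The names `Account`, `request_reset`, `confirm_reset` and `login`, the 15-minute lifetime, and the hashed single-use token are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed lifetime of the temporary link, in seconds

class Account:
    def __init__(self, password, otp_enabled):
        self.password = password      # plaintext only to keep the demo short;
        self.otp_enabled = otp_enabled  # a real system stores a password hash
        self.reset_digest = None      # SHA-256 of the pending reset token
        self.reset_expires = 0.0

def request_reset(acct, now=None):
    """Step 1: issue a temporary token. The account itself is not changed,
    so the old password + OTP keep working until the link is clicked."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a digest, so a database leak does not reveal live links.
    acct.reset_digest = hashlib.sha256(token.encode()).hexdigest()
    acct.reset_expires = now + TOKEN_TTL
    return token  # would be mailed to the user as part of the link

def confirm_reset(acct, token, now=None):
    """Step 2: the link was clicked. Returns the new password, or None
    if the token is missing, expired, wrong, or already used."""
    now = time.time() if now is None else now
    pending = acct.reset_digest
    if pending is None or now > acct.reset_expires:
        return None
    digest = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(pending, digest):
        return None
    acct.reset_digest = None          # single use
    acct.password = secrets.token_urlsafe(12)
    acct.otp_enabled = False          # only now, after mailbox control is shown
    return acct.password

def login(acct, password, otp_ok=False):
    """otp_ok stands in for a verified one-time code."""
    if not hmac.compare_digest(acct.password, password):
        return False
    return otp_ok or not acct.otp_enabled
```
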

