magento2
magento2 copied to clipboard
magento
Admin reset password link broken
Preconditions and environment
- Magento 2.4.4
- Multiple websites and stores
Steps to reproduce
- Enable settings Add Store Code to Urls
- Create 2 new website with each 1 store view
- Create new admin user
- Click
Forgot your password?link in the admin login page; - Input your e-mail and submit;
- Click the link in the email.
Expected result
Form to reset the password
Actual result
404 not found
Additional information
Link is generated as http://magento.local/admin/admin_123456/admin/auth/resetpassword/key/xxxxxxxxxx/?id=1&token=yyyyyyyy, but it should be http://magento.local/admin_123456/admin/auth/resetpassword/key/xxxxxxxxxx/?id=1&token=yyyyyyyy (notice the extra admin/ right after the domain name).
Release note
No response
Triage and priority
- [ ] Severity: S0 - Affects critical data or functionality and leaves users without workaround.
- [ ] Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
- [ ] Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
- [ ] Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
- [ ] Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.
Hi @kassner. Thank you for your report. To speed up processing of this issue, make sure that you provided the following information:
- Summary of the issue
- Information on your environment
- Steps to reproduce
- Expected and actual results
Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:
@magento give me 2.4-develop instance - upcoming 2.4.x release
For more details, review the Magento Contributor Assistant documentation.
Add a comment to assign the issue: @magento I am working on this
To learn more about issue processing workflow, refer to the Code Contributions.
- Join Magento Community Engineering Slack and ask your questions in #github channel.
:warning: According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.
:clock10: You can find the schedule on the Magento Community Calendar page.
:telephone_receiver: The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.
:pencil2: Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel
![m2-assistant[bot] avatar](https://avatars.githubusercontent.com/in/27048?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @kassner, unfortunately there is no ability to deploy Magento instance at the moment. Please try again later.
![magento-deployment-service[bot] avatar](https://avatars.githubusercontent.com/in/52578?v=4 "Published by a pub.dev verified publisher"){kind=small}
Reverting the changes from https://github.com/magento/magento2/commit/f19611c1bc8b7a18a03ef8098adc36e8d62a7b1f makes it work again.
Hi @engcom-November. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:
-
[ ] 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
Details
If the issue has a valid description, the labelIssue: Format is validwill be added to the issue automatically. Please, edit issue description if needed, until labelIssue: Format is validappears. -
[ ] 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add
Issue: Clear Descriptionlabel to the issue by yourself. -
[ ] 3. Add
Component: XXXXXlabel(s) to the ticket, indicating the components it may be related to. -
[ ] 4. Verify that the issue is reproducible on
2.4-developbranchDetails
- Add the comment@magento give me 2.4-develop instanceto deploy test instance on Magento infrastructure.
- If the issue is reproducible on2.4-developbranch, please, add the labelReproduced on 2.4.x.
- If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here! -
[ ] 5. Add label
Issue: Confirmedonce verification is complete. -
[ ] 6. Make sure that automatic system confirms that report has been added to the backlog.
Hi @engcom-Lima. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:
-
[ ] 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
Details
If the issue has a valid description, the labelIssue: Format is validwill be added to the issue automatically. Please, edit issue description if needed, until labelIssue: Format is validappears. -
[ ] 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add
Issue: Clear Descriptionlabel to the issue by yourself. -
[ ] 3. Add
Component: XXXXXlabel(s) to the ticket, indicating the components it may be related to. -
[ ] 4. Verify that the issue is reproducible on
2.4-developbranchDetails
- Add the comment@magento give me 2.4-develop instanceto deploy test instance on Magento infrastructure.
- If the issue is reproducible on2.4-developbranch, please, add the labelReproduced on 2.4.x.
- If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here! -
[ ] 5. Add label
Issue: Confirmedonce verification is complete. -
[ ] 6. Make sure that automatic system confirms that report has been added to the backlog.
Hi @kassner
Thanks for your contribution and collaboration.
I have tried to reproduce the issue but in my case link is not broken I am successfully able to reset the password and able to login using new password. As you have observed extra admin/ in reset link same I also observed.
Checked in Magento 2.4-develop and browser: Chrome & FireFox.
Below is the screenshots for your reference:
Please provide more information if anything got missed and can be tested further.
Maybe because my installation has a custom admin path? We observe that in my case there is an “admin” before the custom path, when it shouldn’t.
On 24 Jun 2022, at 17:01, Shubham Singh @.***> wrote:
Hi @kassner
Thanks for your contribution and collaboration. I have tried to reproduce the issue but in my case link is not broken I am successfully able to reset the password and able to login using new password. As you have observed extra admin/ in reset link same I also observed. Checked in Magento 2.4-develop and browser: Chrome & FireFox.
Below is the screenshots for your reference:
Please provide more information if anything got missed and can be tested further.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.
Hi @kassner
I have changed the custom path of the admin. Followed all your steps but I am able to reset password successfully. Link which I have received is below:
http://local.magento2.com/shubham/admin/auth/resetpassword/key/?id=4&token=
Please find below screeshot for your reference:
HI @kassner have you checked under admin -> stores -> configurations -> ADVANCED -> admin -> admin base url, to check if you have added any custom URL from admin?
Hi @kassner We are closing this issue as there has been no latest update on the same. Kindly reopen / create new issue if you are still facing any issues. Thank you
Hi @anvanza. Thank you for your request. I'm working on Magento instance for you.
Hi @anvanza, here is your Magento Instance: https://703bfe08dc3ffe1206faa8af6dc48454.instances.magento-community.engineering Admin access: https://703bfe08dc3ffe1206faa8af6dc48454.instances.magento-community.engineering/admin_c61d Login: 1a060ac6 Password: 952a9762c3a7
Steps to reproduce:
- Enable settings Add Store Code to Urls
- Create 2 new website with each 1 store view
- Create new admin user
- Reset password request for that new admin user
The email is now incorrect.
@kassner Could you verify is you have this "Add Store Code to Urls" enabled?
we solved the same problem creating a plugin for Magento\User\Model\Notificator
with this workaround
/**
* Workaround to disable store code in reset password link
*
* @param Notificator $subject
* @param callable $proceed
* @param UserInterface $user
* @return bool
*/
public function aroundSendForgotPassword(
Notificator $subject,
callable $proceed,
UserInterface $user
) {
$store = $this->storeManager->getStore(Store::DEFAULT_STORE_ID);
$store->setDisableStoreInUrl(true);
try {
$this->sendNotification(
'admin/emails/forgot_email_template',
[
'username' => $user->getFirstName().' '.$user->getLastName(),
'user' => $user,
'store' => $store
],
$user->getEmail(),
$user->getFirstName().' '.$user->getLastName()
);
} catch (LocalizedException $exception) {
throw new NotificatorException(
__($exception->getMessage()),
$exception
);
}
return true;
}
:heavy_check_mark: Issue confirmed
Issue got reproduced in 2.4-develop branch.
Description: Admin password reset link is not working.
Pre-requisite:
- Fresh magento
2.4-developshould be installed. - Multiple Website should be created
Steps to reproduce:
- Enable settings Add Store Code to Urls
- Create 2 new website with each 1 store view
- Create new admin user
- Reset password request for that new admin user
Expected result: Admin should be able to reset the password.
Actual result: In my case,Admin is not able to reset password as link redirecting to login page.
Observation: Extra admin is added in the reset link.
http://local.magento2.com/admin/admin/admin/auth/resetpassword/key/5aae6561fe4f1bf1d15ecaefe3646bc2f87afb6cbcff4f39ba1eadc96dc0b09b/?id=5&token=a88NTVfKBSqUM5yLcvLUMAiLeRDRRdjb
Screenshots:
Logs: logs.txt
Hence,confirming the issue.
Thanks
:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-6724 is successfully created for this GitHub issue.
:white_check_mark: Confirmed by @engcom-Lima. Thank you for verifying the issue.
Issue Available: @engcom-Lima, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
We applied another workaround for this. It will solve all the cases where a store is passed directly to the url resolver.
diff --git a/Model/Url.php b/Model/Url.php
index 8948961..c1bf6f0 100644
--- a/Model/Url.php
+++ b/Model/Url.php
@@ -447,6 +447,13 @@ class Url extends \Magento\Framework\Url implements \Magento\Backend\Model\UrlIn
'data' => ['code' => 'admin', 'force_disable_rewrites' => false, 'disable_store_in_url' => true],
]
);
+ } else {
+ /**
+ * Patch admin password url incorrect with setting "web/url/use_store" = 1
+ * Force option to disable store in url from url.
+ * Issue : https://github.com/magento/magento2/issues/35667
+ */
+ $this->_scope->setData("disable_store_in_url", true);
}
return $this->_scope;
}
You can fix this issue without any patches also.
- This is the way to create a patch of email templates.
Just modify the one line from the vendor/magento/module-user/view/adminhtml/email/password_reset_confirmation.html email template,
From the Store URL, Remove admin from the store url="admin/auth/resetpassword
{{store url="admin/auth/resetpassword/" _query_id=$user.user_id _query_token=$user.rp_token _nosid=1}}
Replace line no 23 with the given line,
{{store url="auth/resetpassword/" _query_id=$user.user_id _query_token=$user.rp_token _nosid=1}}
- If you don't require to create a patch,
Just create a new Forgot Admin Password template from the Backend, Marketing -> Communication -> Email Template Create a new template by clicking on the Add New Template button,
Now Load Default Template from the Magento_User -> Forgot Admin Password
After Loading, just modify the above line from the email template and save the new template.
Just Assigned this email template from the Stores -> Configuration -> Advanced -> Admin -> Admin User Emails,
From the Dropdown, Forgot Password Email Template you need to choose the template and Save Config.
I followed RakeshJesadiya solution, but even if I cleared the cache and whatever possible, is still sending the wrong path leading me to a 404
@dwolfuk40 The file is present in module "magento/module-backend". You should find it in "vendor/magento/module-backend/Model/Url.php" line 447. You can apply the patch by following this tutorial : https://devdocs.magento.com/guides/v2.3/comp-mgr/patching.html#custom-patches
Based on @bruno-blackbird workaround, I've created another patch to avoid touch any other area. Already tested on v2.4.6
diff --git a/vendor/magento/module-user/Model/Notificator.php b/vendor/magento/module-user/Model/Notificator.php
index 3e36cd13..e452de3d 100644
--- a/vendor/magento/module-user/Model/Notificator.php
+++ b/vendor/magento/module-user/Model/Notificator.php
@@ -111,7 +111,7 @@ class Notificator implements NotificatorInterface
'user' => $user,
'store' => $this->storeManager->getStore(
Store::DEFAULT_STORE_ID
- )
+ )->setData("disable_store_in_url", true)
],
$user->getEmail(),
$user->getFirstName().' '.$user->getLastName()
Above patch only add the flag to the specific function that trigger the email.
Getting this on 2.4.5-p2 as well. Any feedback on getting any of these patches in the core?
