v2-hub icon indicating copy to clipboard operation
v2-hub copied to clipboard

Published 20 hours ago verified publisher icon statamic

Resetting passwords when user driver is set to Redis

Open duncanmcclean opened this issue 5 years ago • 1 comments
trafficstars

Describe the bug When you have the user driver set to redis and you request a password reset, an email is sent however the token is invalid.

To Reproduce Steps to reproduce the behavior:

  1. Install Statamic 2
  2. Create a new user
  3. Set the user driver to redis in site/settings/users.yaml
  4. Request a password reset link
  5. Open the link sent in the reset email in your browser, it should say the token is invalid.

Expected behavior Instead of erroring out saying the token is invalid, it should accept the token and allow the user to reset their password.

Screenshots image

Environment details (please complete the following information):

  • Statamic Version [e.g. 2.11.19]
  • Fresh Install or Upgrade: Upgrade (years old)
  • OS: [e.g. macOS 10.12.6, Ubuntu 16.04] macOS 10.14.06, Windows 10, Recently provisioned Laravel Forge server
  • Browser: [e.g. chrome, safari] Chrome
  • Web Server: [eg. Apache, Nginx, Valet] Nginx
  • PHP Version: [eg. 7.1] 7.3.9
  • Addons installed: Impersonator, Loop, Profiler, Recaptcha, Workshop

Additional context Add any other context about the problem here.

duncanmcclean avatar Feb 12 '20 20:02 duncanmcclean

I have managed to make a hacky solution that works for now as it was rather annoying the client.

In the Statamic\Data\Users\Redis\User class, I rewrote the setPasswordResetToken and getPasswordResetToken` methods to look like this.

public function setPasswordResetToken($token)
    {
        $this->set('password_reset_token', $token);

        $yaml = YAML::parse(File::get($this->passwordResetPath(), ''));
        $yaml[$this->id()] = $token;
        $yaml = array_filter($yaml);
        File::put($this->passwordResetPath(), YAML::dump($yaml));
    }

    private function passwordResetPath()
    {
        return cache_path('password_resets.yaml');
    }

    /**
     * Get the reset token/code for a password reset
     *
     * @return string
     */
    public function getPasswordResetToken()
    {
        $yaml = YAML::parse(File::get($this->passwordResetPath(), ''));

        return array_get($yaml, $this->id());
    }

I'm not sure if this really is a Statamic bug or something that we're doing wrong when using Redis.

duncanmcclean avatar Feb 12 '20 20:02 duncanmcclean