magento2-force-login
Password Reset Endless redirect
Preconditions
Dev & Production, unrelated env's
Magento Version : 2.4.3-p1
Force Login Module Version : 4.1.0
Third party modules : Yes, many
Steps to reproduce
- Enable the plugin
- Password reset keeps redirecting to itself
Expected result
- Password reset should work
Actual result
- Endless redirect loop to the same page /customer/account/createpassword?token=XXX
Disabling the plugin makes it work again
Additionally, trying to update to version 5.X I got the version mismatch error in packagist/magento. Setting it to canonical did NOT work - I've seen hints that 5.X can fix my issues, will have to move it out of composer and in app/code directly. Will confirm ASAP if 5.X solved this issue
5.X solved the redirect issue indeed. But I'd still like to get back on Composer.
@vandijkstef good to hear that 5.x fixes your issues. What's the Composer error you get? Since we have a bunch of installs of the 5.0 & 5.0.1 versions, it does not seem like a general issue with our Composer package.
Higher matching version X.X.X of xxx/module-xxxx was found in public repository packagist.org than X.X.X in private https://repo.magento.com.
Public package might've been taken over by a malicious entity,
please investigate and update package requirement to match the version from the private repository
Some suggestions are saying I should remove "magento/composer-dependency-version-audit-plugin"
but then others are saying this package is adding extra security, so that doesn't seem the way to go.
It seems like 5.X isn't being released on the marketplace currently, and the canonical suggestion in your readme did not work to prevent this issue. What might be of use: I'm still on Composer V1, as not all my packages are properly set up for V2 currently.
So everyone grabbing this module through the marketplace gets a buggy version without it being clear it's coming from this module, as the initial install works fine I think, but it might be I've installed it before 5.X was released. The error came up when I manually forced it to '^5.0'
The magento/composer-dependency-version-audit-plugin package does not cause the issue. That is basically a new "feature" of Composer 2. You can read about the why here.
We have already sent an update to Magento Marketplace but sadly they don't seem to have processed the changes yet. The update is still stuck with the Marketing team for review.
You have 2 ways to fix this:
- You can declare Magento's Composer repository as non-canonical. This will configure Composer in a way to check both Packagist and Magento Marketplace for the packages and pick the newest one, regardless where it's coming from.
    {
        "repositories": [
            {
                "type": "composer",
                "url": "https://repo.magento.com/",
                "canonical": false
            }
        ]
    }
- You can instruct Composer to specifically ignore bitexpert/magento2-force-customer-login when looking packages up in Magento Marketplace:
    {
        "repositories": [
            {
                "type": "composer",
                "url": "https://repo.magento.com/",
                "exclude": ["bitexpert/magento2-force-customer-login"]
            }
        ]
    }
I hope this helps. If not, let me know.
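The two configurations in the comment above differ in how much of Composer 2's canonical-repository lookup they relax: `"canonical": false` lets a later repository such as Packagist supply a newer version of any package the Magento repository also serves, while `"exclude"` relaxes the lookup for one named package only. The following is an added example, not part of the original thread or the module's code, that reports that scope for a `composer.json`; the function names and scope labels are assumptions made for illustration.

```python
import json

# Constructed inputs: the two repository configurations from the comment above.
NON_CANONICAL = json.loads("""{"repositories": [{"type": "composer",
  "url": "https://repo.magento.com/", "canonical": false}]}""")
EXCLUDE_ONE = json.loads("""{"repositories": [{"type": "composer",
  "url": "https://repo.magento.com/",
  "exclude": ["bitexpert/magento2-force-customer-login"]}]}""")


def audit_repositories(composer):
    """Return one finding per repository entry describing how far it relaxes
    Composer 2's default rule that the first repository offering a package
    is the only source used for that package."""
    repos = composer.get("repositories", [])
    # Composer accepts either a list or an object keyed by repository name.
    entries = list(repos.values()) if isinstance(repos, dict) else repos
    findings = []
    for repo in entries:
        if not isinstance(repo, dict) or "url" not in repo:
            continue  # e.g. {"packagist.org": false} is a toggle, not a repo
        if repo.get("canonical", True) is False:
            # Every package in this repo may also be resolved from later repos.
            scope, packages = "all-packages", None
        elif repo.get("exclude"):
            # Only the listed packages skip this repo and fall through.
            scope, packages = "listed-packages", sorted(repo["exclude"])
        else:
            scope, packages = "none", []
        findings.append({"url": repo["url"], "scope": scope, "packages": packages})
    return findings


def widest_scope(composer):
    """Summarise a composer.json: the broadest relaxation in any repository."""
    order = ["none", "listed-packages", "all-packages"]
    scopes = [f["scope"] for f in audit_repositories(composer)]
    return max(scopes, key=order.index, default="none")


if __name__ == "__main__":
    for name, cfg in (("canonical:false", NON_CANONICAL), ("exclude", EXCLUDE_ONE)):
        for f in audit_repositories(cfg):
            print(name, f["url"], f["scope"], f["packages"])
```

Run against a project's real `composer.json`, a result of `all-packages` flags the configuration to review first, since it applies to every package served by that repository rather than to the one module.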