5.2.3 - Require Password Reset feature broken #44715

Closed
Eric69-dev opened this issue Jan 10, 2025 · 6 comments
@Eric69-dev

Eric69-dev commented Jan 10, 2025

Steps to reproduce the issue

In Admin panel with super-users rights go to Users > Manage

  • Edit user > set Require Password Reset to Yes
  • Save and close

Log out from super-user account and log in with credentials of user with Require Password Reset to Yes
Result: Page redirection error related to cookies with URL:
https://joomlasite/administrator/index.php?option=com_users&view=user&layout=edit&id=[user ID]

Expected result

The redirection to user's panel is expected to allow him to change his password

Actual result

Page redirection error related to cookies with URL:
https://joomlasite/administrator/index.php?option=com_users&view=user&layout=edit&id=[user ID]

System information (as much as possible)

=============
System Information

dbserver: mysql
dbversion: 8.3.0
dbcollation: utf8mb4_unicode_ci
dbconnectioncollation: utf8mb4_0900_ai_ci
dbconnectionencryption:
dbconnencryptsupported: true
phpversion: 8.2.18
server: Apache/2.4.59 (Win64) OpenSSL/3.1.5 PHP/8.2.18 mod_fcgid/2.3.10-dev
sapi_name: apache2handler
version: Joomla! 5.2.3 Stable [ Uthabiti ] 7-January-2025 16:00 GMT
compatpluginenabled: true
compatpluginparameters: classes_aliases:"1", es5_assets:"1"
useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0

=============
PHP Settings

memory_limit: 128M
upload_max_filesize: 256M
post_max_size: 256M
display_errors: true
short_open_tag: false
file_uploads: true
output_buffering: true
open_basedir:
session.save_path: xxxxxx
session.auto_start: 0
disable_functions:
xml: true
zlib: true
zip: true
mbstring: true
fileinfo: true
gd: true
iconv: true
intl: true
max_input_vars: 2500

=============
Configuration File

offline: false
offline_message: Ce site est en maintenance.
Veuillez revenir ultérieurement, merci.
display_offline_message: 1
offline_image:
sitename: xxxxxx
editor: tinymce
captcha: 0
list_limit: 20
access: 1
debug: false
debug_lang: false
debug_lang_const: true
dbtype: mysqli
host: xxxxxx
user: xxxxxx
password: xxxxxx
db: xxxxxx
dbprefix: xxxxxx
dbencryption: 0
dbsslverifyservercert: false
dbsslkey:
dbsslcert:
dbsslca:
dbsslcipher:
force_ssl: 2
live_site:
secret: xxxxxx
gzip: false
error_reporting: simple
helpurl: https://help.joomla.org/proxy?keyref=Help{major}{minor}:{keyref}&lang={langcode}
offset: Europe/Paris
mailonline: true
mailer: mail
mailfrom: xxxxxx
fromname: xxxxxx
sendmail: xxxxxx
smtpauth: false
smtpuser: xxxxxx
smtppass: xxxxxx
smtphost: xxxxxx
smtpsecure: none
smtpport: 25
caching: 0
cache_handler: file
cachetime: 15
cache_platformprefix: false
MetaDesc:
MetaAuthor: true
MetaVersion: false
robots: noindex, follow
sef: true
sef_rewrite: true
sef_suffix: false
unicodeslugs: false
feed_limit: 10
feed_email: none
log_path: xxxxxx
tmp_path: xxxxxx
lifetime: 30
session_handler: database
shared_session: false
session_metadata: true
memcached_persist: true
memcached_compress: false
memcached_server_host: xxxxxx
memcached_server_port: 11211
redis_persist: true
redis_server_host: xxxxxx
redis_server_port: 6379
redis_server_db: 0
cors: false
cors_allow_origin: *
cors_allow_headers: Content-Type,X-Joomla-Token
cors_allow_methods:
behind_loadbalancer: false
proxy_enable: true
proxy_host: xxxxxx
proxy_port: 3128
proxy_user: xxxxxx
proxy_pass: xxxxxx
massmailoff: false
replyto:
replytoname:
MetaRights:
sitename_pagetitles: 0
session_filesystem_path:
session_memcached_server_host: xxxxxx
session_memcached_server_port: 11211
session_redis_persist: 1
session_redis_server_host: xxxxxx
session_redis_server_port: 6379
session_redis_server_db: 0
session_metadata_for_guest: true
frontediting: 1
log_everything: 1
log_deprecated: 0

Additional comments

Tested with Joomla 5.2.2 and all works fine. So it should be related to 5.2.3 only.

@tecpromotion
Contributor

confirmed for backend.
frontend reset is working.

@joomdonation
Contributor

Looks like it is caused by PR #44521. @Hackwar Shouldn't we add `['option' => 'com_users', 'view' => 'user', 'layout' => 'edit']` to this array https://github.com/joomla/joomla-cms/blob/5.2-dev/libraries/src/Application/AdministratorApplication.php#L201 ?

@alikon
Contributor

alikon commented Jan 12, 2025

yes adding that line it works like before
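
The failure mode discussed in the two comments above, as an added example that is not part of the thread and not Joomla's code: a forced-password-reset gate whose allow-list omits the page it redirects to. The function names, the `com_cpanel` and `com_login` entries and the user id are hypothetical; only the `com_users` entry is taken from the thread.

```php
<?php
// Added illustration, not Joomla code; all names here are hypothetical.

/** True when every key/value pair of $rule is present in the request. */
function matchesRule(array $rule, array $request): bool
{
    foreach ($rule as $key => $value) {
        if (($request[$key] ?? null) !== $value) {
            return false;
        }
    }
    return true;
}

/** Returns null to serve the request, or the query array to redirect to. */
function resetGate(array $request, bool $requireReset, array $allowed, array $target): ?array
{
    if (!$requireReset) {
        return null;
    }
    foreach ($allowed as $rule) {
        if (matchesRule($rule, $request)) {
            return null;
        }
    }
    return $target;
}

/** Follows redirects as a browser would and reports a loop after $max hops. */
function followRedirects(array $request, array $allowed, array $target, int $max = 10): string
{
    for ($hops = 0; $hops < $max; $hops++) {
        $next = resetGate($request, true, $allowed, $target);
        if ($next === null) {
            return "served after $hops redirect(s)";
        }
        $request = $next;
    }
    return "redirect loop (gave up after $max hops)";
}

$editForm = ['option' => 'com_users', 'view' => 'user', 'layout' => 'edit']; // entry quoted in the thread
$target   = $editForm + ['id' => '42'];                     // constructed user id
$login    = ['option' => 'com_cpanel'];                     // constructed first request after login
$broken   = [['option' => 'com_login', 'task' => 'logout']]; // hypothetical list without the edit form
$fixed    = array_merge($broken, [$editForm]);

echo followRedirects($login, $broken, $target), PHP_EOL;
echo followRedirects($login, $fixed, $target), PHP_EOL;
```

With the first list the gate redirects to a page it then refuses to serve, which a browser surfaces as a redirection error. A regression test that feeds the redirect target back through the gate catches this class of bug.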

@joomdonation
Contributor

I think we can improve the logic of checkUserRequiresReset method to make it easier to understand. I will prepare and make a PR for this issue.

@alikon
Contributor

alikon commented Jan 12, 2025

please test #44723

@alikon alikon closed this as completed Jan 12, 2025
@Eric69-dev
Author

Hi,
I tested the pull request on my local Joomla instance. This fixed the redirection issue and user can connect to the backend but he is not noticed to renew his password if "Require Password Reset" is set to Yes.

So it's better but not completely solved in my opinion.
