[#19180] - Admin registration - email link invalid
- Closed
- 3 Jan 2018
- Medium
- Build: staging
- # 19180
Steps to reproduce the issue
I have not yet installed a fresh J3.8.3 to try to reproduce this issue, but this is what happens:
- Set New User Account Activation to Administrator in Administrator / Users / Options.
- Register a new user.
- User clicks link in their confirmation email.
- Admin receives activation email, but activation link is incorrect.
Expected result
User should be activated when you click the activation link.
Actual result
When I click this link I get Error: You are not authorised to view this resource.
System information (as much as possible)
Joomla 3.8.3
PHP 7.1
Apache
Additional comments
Email link is of the form:
index.php/register?task=registration.activate&token=
In components/com_users/models/registration.php at line 105 (and 469)0:
$data['activate'] = $base . JRoute::_('index.php?option=com_users&task=registration.activate&token=' . $data['activation'], false);
When I replace index.php/register? in the email link with index.php?option=com_users& it works.
So it appears to be an issue with JRoute. It is possible that I have misconfigured my site somewhere but if so I cannot work out where.
| Labels |
Added:
?
|
||
P.S. I disabled the hidden menu and put the visible menu back to Public and I still had errors when logged in.
Is your homepage menu item set to registered?
| Category | ⇒ | Authentication |
| Status | New | ⇒ | Information Required |
No - Home is set to Public. Only Home and the hidden version of Login are set to Public. All other menu items have other View Access Levels.
| Status | Information Required | ⇒ | Discussion |
@Sophist-UK I could not reproduce with a fresh demo install of Joomla v3.8.3.
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-01-03 06:56:28 |
| Closed_By | ⇒ | franz-wohlkoenig |
| Closed_Date | 2018-01-03 06:56:28 | ⇒ | 2018-01-03 06:56:29 |
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/19180
closed as no Core-Issue. Please reopen if needed.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19180.
Ok - I have narrowed this down further.
Both the user confirmation email and the admin activation email use links of the form
index.php/register?task=registration.activate&token=(though the tokens are understandably different so as to prevent the user from clicking a second time to activate the account).When I click these links and I am not logged into the site they work. However when I am logged in they do not work.
I suspect that this JRouter issue might be triggered by my com_users menu setup which is as follows:
A visible menu entry for Login Form with View Access Level of Guest (so that Login menu item is NOT shown once the user is logged in).
A hidden menu entry for Login Form with View Access Level of Public (which I added based on other user's workaround to prevent a
Error: You are not authorised to view this resource.message immediately after login when the Login menu entry is now invisible and access is needed to process the redirect).