[#44715] - 5.2.3 - Require Password Reset feature broken
- Closed
- 12 Jan 2025
- Medium
- Build: 5.2-dev
- # 44715
Steps to reproduce the issue
In Admin panel with super-users rights go to Users > Manage
- Edit user > set Require Password Reset to Yes
- Save and close
Log out from super-user account and log in with credentials of user with Require Password Reset to Yes
Result : Page redirection error related to cookies with URL :
https://joomlasite/administrator/index.php?option=com_users&view=user&layout=edit&id=[user ID]
Expected result
The redirection to user's panel is expected to allow him to change his password
Actual result
Page redirection error related to cookies with URL :
https://joomlasite/administrator/index.php?option=com_users&view=user&layout=edit&id=[user ID]
System information (as much as possible)
=============
System Information
dbserver: mysql
dbversion: 8.3.0
dbcollation: utf8mb4_unicode_ci
dbconnectioncollation: utf8mb4_0900_ai_ci
dbconnectionencryption:
dbconnencryptsupported: true
phpversion: 8.2.18
server: Apache/2.4.59 (Win64) OpenSSL/3.1.5 PHP/8.2.18 mod_fcgid/2.3.10-dev
sapi_name: apache2handler
version: Joomla! 5.2.3 Stable [ Uthabiti ] 7-January-2025 16:00 GMT
compatpluginenabled: true
compatpluginparameters: classes_aliases:"1", es5_assets:"1"
useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
=============
PHP Settings
memory_limit: 128M
upload_max_filesize: 256M
post_max_size: 256M
display_errors: true
short_open_tag: false
file_uploads: true
output_buffering: true
open_basedir:
session.save_path: xxxxxx
session.auto_start: 0
disable_functions:
xml: true
zlib: true
zip: true
mbstring: true
fileinfo: true
gd: true
iconv: true
intl: true
max_input_vars: 2500
=============
Configuration File
offline: false
offline_message: Ce site est en maintenance.
Veuillez revenir ultérieurement, merci.
display_offline_message: 1
offline_image:
sitename: xxxxxx
editor: tinymce
captcha: 0
list_limit: 20
access: 1
debug: false
debug_lang: false
debug_lang_const: true
dbtype: mysqli
host: xxxxxx
user: xxxxxx
password: xxxxxx
db: xxxxxx
dbprefix: xxxxxx
dbencryption: 0
dbsslverifyservercert: false
dbsslkey:
dbsslcert:
dbsslca:
dbsslcipher:
force_ssl: 2
live_site:
secret: xxxxxx
gzip: false
error_reporting: simple
helpurl: https://help.joomla.org/proxy?keyref=Help{major}{minor}:{keyref}&lang={langcode}
offset: Europe/Paris
mailonline: true
mailer: mail
mailfrom: xxxxxx
fromname: xxxxxx
sendmail: xxxxxx
smtpauth: false
smtpuser: xxxxxx
smtppass: xxxxxx
smtphost: xxxxxx
smtpsecure: none
smtpport: 25
caching: 0
cache_handler: file
cachetime: 15
cache_platformprefix: false
MetaDesc:
MetaAuthor: true
MetaVersion: false
robots: noindex, follow
sef: true
sef_rewrite: true
sef_suffix: false
unicodeslugs: false
feed_limit: 10
feed_email: none
log_path: xxxxxx
tmp_path: xxxxxx
lifetime: 30
session_handler: database
shared_session: false
session_metadata: true
memcached_persist: true
memcached_compress: false
memcached_server_host: xxxxxx
memcached_server_port: 11211
redis_persist: true
redis_server_host: xxxxxx
redis_server_port: 6379
redis_server_db: 0
cors: false
cors_allow_origin: *
cors_allow_headers: Content-Type,X-Joomla-Token
cors_allow_methods:
behind_loadbalancer: false
proxy_enable: true
proxy_host: xxxxxx
proxy_port: 3128
proxy_user: xxxxxx
proxy_pass: xxxxxx
massmailoff: false
replyto:
replytoname:
MetaRights:
sitename_pagetitles: 0
session_filesystem_path:
session_memcached_server_host: xxxxxx
session_memcached_server_port: 11211
session_redis_persist: 1
session_redis_server_host: xxxxxx
session_redis_server_port: 6379
session_redis_server_db: 0
session_metadata_for_guest: true
frontediting: 1
log_everything: 1
log_deprecated: 0
=============
PHP Information
=============
apache2handler
=============
Apache Version: Apache/2.4.59 (Win64) OpenSSL/3.1.5 PHP/8.2.18 mod_fcgid/2.3.10-dev
Apache API Version: 20120211
Server Administrator: xxxxxx
Hostname:Port: joomlatest:0
Max Requests: Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts: Connection: 60 - Keep-Alive: 5
Virtual Server: Yes
Server Root: xxxxxx
Loaded Modules: core mod_win32 mpm_winnt http_core mod_so mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_auth_digest mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cache mod_cache_disk mod_cgi mod_dir mod_env mod_file_cache mod_include mod_isapi mod_log_config mod_mime mod_negotiation mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_userdir mod_vhost_alias mod_php mod_fcgid
=============
engine
=============
Local Value: On
Master Value: On
=============
last_modified
=============
Local Value: Off
Master Value: Off
=============
xbithack
=============
Local Value: Off
Master Value: Off
=============
Apache Environment
=============
Variable: Value
HTTP_AUTHORIZATION: no value
HTTPS: on
SSL_TLS_SNI: joomlatest
SSL_SERVER_S_DN_C: FR
SSL_SERVER_S_DN_ST: Paris
SSL_SERVER_S_DN_L: Paris
SSL_SERVER_S_DN_O: Otomatic & Cie
SSL_SERVER_S_DN_OU: Wampserver
SSL_SERVER_S_DN_CN: joomlatest
SSL_SERVER_I_DN_C: FR
SSL_SERVER_I_DN_ST: Paris
SSL_SERVER_I_DN_L: Paris
SSL_SERVER_I_DN_O: Otomatic & Cie
SSL_SERVER_I_DN_CN: Otomatic & Cie
SSL_VERSION_INTERFACE: mod_ssl/2.4.59
SSL_VERSION_LIBRARY: OpenSSL/3.1.5
SSL_PROTOCOL: TLSv1.3
SSL_SECURE_RENEG: false
SSL_COMPRESS_METHOD: NULL
SSL_CIPHER: TLS_CHACHA20_POLY1305_SHA256
SSL_CIPHER_EXPORT: false
SSL_CIPHER_USEKEYSIZE: 256
SSL_CIPHER_ALGKEYSIZE: 256
SSL_CLIENT_VERIFY: NONE
SSL_SERVER_M_VERSION: 1
SSL_SERVER_M_SERIAL: 754F72A314A307C0E1EE9D5027AB241C426408A1
SSL_SERVER_V_START: Oct 28 13:11:17 2024 GMT
SSL_SERVER_V_END: Oct 28 13:11:17 2036 GMT
SSL_SERVER_S_DN: CN=joomlatest, OU=Wampserver, O=Otomatic & Cie, L=Paris, ST=Paris, C=FR
SSL_SERVER_I_DN: CN=Otomatic & Cie, O=Otomatic & Cie, L=Paris, ST=Paris, C=FR
SSL_SERVER_A_KEY: rsaEncryption
SSL_SERVER_A_SIG: sha256WithRSAEncryption
SSL_SESSION_ID: 25869f66fda02ecf0fa600b81184fbc54d63ed37fd671a73fdf746a856d16af4
SSL_SESSION_RESUMED: Resumed
HTTP_HOST: xxxxxx
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
HTTP_ACCEPT: text/html, application/xhtml+xml, application/xml;q=0.9, image/avif, image/webp, image/png, image/svg+xml,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE: fr, fr-FR;q=0.8, en-US;q=0.5, en;q=0.3
HTTP_ACCEPT_ENCODING: gzip, deflate, br, zstd
HTTP_REFERER: xxxxxx
HTTP_CONNECTION: keep-alive
HTTP_COOKIE: xxxxxx
HTTP_UPGRADE_INSECURE_REQUESTS: 1
HTTP_SEC_FETCH_DEST: document
HTTP_SEC_FETCH_MODE: navigate
HTTP_SEC_FETCH_SITE: same-origin
HTTP_SEC_FETCH_USER: ?1
HTTP_PRIORITY: u=0, i
PATH: xxxxxx
SystemRoot: C:\windows
COMSPEC: C:\windows\system32\cmd.exe
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
WINDIR: C:\windows
SERVER_SOFTWARE: Apache/2.4.59 (Win64) OpenSSL/3.1.5 PHP/8.2.18 mod_fcgid/2.3.10-dev
SERVER_NAME: xxxxxx
SERVER_ADDR: xxxxxx
SERVER_PORT: 443
REMOTE_ADDR: xxxxxx
DOCUMENT_ROOT: xxxxxx
REQUEST_SCHEME: https
CONTEXT_PREFIX: no value
CONTEXT_DOCUMENT_ROOT: xxxxxx
SERVER_ADMIN: xxxxxx
SCRIPT_FILENAME: xxxxxx
REMOTE_PORT: 52615
GATEWAY_INTERFACE: CGI/1.1
SERVER_PROTOCOL: HTTP/1.1
REQUEST_METHOD: GET
QUERY_STRING: option=com_admin&view=sysinfo&format=text&cf641cabf347675ff0af9fc0dab3b39d=1
REQUEST_URI: /administrator/index.php?option=com_admin&view=sysinfo&format=text&cf641cabf347675ff0af9fc0dab3b39d=1
SCRIPT_NAME: /administrator/index.php
Additional comments
Tested with Joomla 5.2.2 and all works fine. So It should be related to 5.2.3 only.
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
chmst
- | Labels |
Added:
bug
|
||
bembelimen
- | Labels |
Added:
Release Blocker
|
||
Look like it causes by PR #44521 . @Hackwar Shouldn't we add ['option' => 'com_users', 'view' => 'user', 'layout' => 'edit'] to this array https://github.com/joomla/joomla-cms/blob/5.2-dev/libraries/src/Application/AdministratorApplication.php#L201 ?
yes adding that line it works like before
I think we can improve the logic of checkUserRequiresReset method to make it easier to understand. I will prepare and make a PR for this issue.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2025-01-12 12:06:12 |
| Closed_By | ⇒ | alikon |
Hi,
I tested the pull request on my local Joomla instance. This fixed the redirection issue and user can connect to the backend but he is not noticed to renew his passord if "Require Password Reset" is set to Yes.
So it's better but not completly solved in my opinion.
richard67
- | Labels |
Removed:
Release Blocker
|
||
confirmed for backend.
frontend reset is working.