Recover password verification includes also Groups

E-mail notifications

Adrian Ursu

Posted on 31/03/2017 14:07:35

Hi Guys,

I have encountered a strage behavior.

I have set a Passwrod recovery functionality where theuser enters the email and receives an email with a reset link.

So far so good.

However, some of the user received a "User not found error". From my experience this can mean 2 things:

1. User does not exists

2. There are more than one users with the same email address

I have serached in the backend for duplicate users and I could not find duplicates.

However, when I looked in the database, I have found that the company group (where the user is assigned) has also an email field and some companies had the same email address as the users.

I believe this behavior is wrong because I don't see any reason why a group should be included in the search for Password recovery. I believe the AccessUserType = 5 condition is missing when searching for a valid user for password recovery.

I am using 8.8.1.32.

Thanks,

Adrian

Replies

Oleg Rodionov

Posted on 03/04/2017 01:29:10

Hi Adrian,

Yup, the bug is reproduced in fact, I've created new TFS-32020 will be fixed on nearest DW hotfix/release, thanks.

BR, Oleg

Kristian Kirkholt

Posted on 20/09/2017 16:13:35

Hi Adrian

The problem TFS#32020 "Recover password verification includes also Groups" has now been fixed in Package "Dynamicweb.UserManagement" version 1.2.2

You are able to find this update in the backend Package update section.

Also the correction are part of the 9.3 release

You are able to find this build in the download section:

http://doc.dynamicweb.com/releases-and-downloads/releases

Please contact Dynamicweb Support if you need any additional help regarding this.

Kind Regards
Dynamicweb Support
Kristian Kirkholt

You must be logged in to post in the forum

Developer forum

Recover password verification includes also Groups

Replies