Developer forum

Hi Sean

Looking at the code that handles forgot password feature, it sends an email to each record in the database where the email matches.

There is one check though - if you have multiple users with the same email address, and you add the forgot password feature to a page that has extranet permissions that the users with the email address do not have access to, it will return as the user was not found.

So, I think we need to take a look at the actual implementation to find the issue (you can investigate by your self, or provide us with a URL)

BR Nicolai

Hi Nicolai,

The template provided in the empty solutionset has a check within the template that prevents this from working if there is more than 1 account found:

        <!--@If(UserManagement:User.Login.FoundUsersCount=0 || UserManagement:User.Login.FoundUsersCount>1)-->
        <div class="info-pane error">User not found!</div>
        <!--@EndIf-->

That's from a fresh download from the developer portal. (\Files\Templates\UserManagement\Login\password_recovery.html). We have an updated Razor version that we use, but it has the same issue.

When I remove that check for FoundUsersCount > 1, there is a postback to the same page but it doesn't return the expected data and it doesn't send the email.

When outputting the POST data after submitted the email address, it's the same for each:

ForgotPasswordMailTemplate Login/PasswordRecoveryEmail.html
ForgotPasswordSenderEmail noreply@company.com
ForgotPasswordMailSubject Denville - Recover password
AccessUserEmail email_with_1_occurance@domain.com
LoginAction Recovery

This works, and the logic for UserManagement:User.Login.Action is correctly set to "RecoveryLinkSent" in the template, so even though the POST data shows LoginAction = Recovery, the template tags were able to determine that it's a successful submission. 

However, with the other email address, it doesn't work. The POST data looks like this:

ForgotPasswordMailTemplate Login/PasswordRecoveryEmail.html
ForgotPasswordSenderEmail noreply@company.com
ForgotPasswordMailSubject Denville - Recover password
AccessUserEmail email_with_many_occurances@domain.com
LoginAction Recovery

And UserManagement:User.Login.Action is set to "Recovery" in the template tags.

So it seems that it's not handling the multiple accounts with the same email, or at least not as I would assume.

Thanks,

Scott

Hi,

we are expiriencing the same as above - multiple accounts with the same email where recovery mails are not send. I can reproduce this on a version 8.9.2.21 and 8.8.1.6. Have tried to remove the UserManagement:User.Login.FoundUsersCount>1) check in the template but then no error message is displayed and recover email is not send.

Any fix for this?

Thanks, Søren

Hi Søren

If you use the usermanagement module recover password feature, it will not send recovery mails if more than one user shares the same email. Probably because the system does not know who to reset - one might work, another not...

It is the same on 8+9.

If you use recover password from layout template instead, it should work.

I've just made a chance, TFS#58119, that will reset password on all users using that email address. Not sure that is a good idea - you could end up resetting users that should not be...

Attached find an unofficial dynamicweb.dll for the latest 8 that have removed this check. See if it works. But still not sure we want it this way as it could cause lots of problems.