Links issued to users for password reset cause 400 Bad Request when used after PRLP upgrade

Created on 25 June 2020, over 4 years ago

Updated 27 July 2023, over 1 year ago

Because of the recent security issue, our organization updated the PRLP module from version 8.x-1.3 to 8.x-1.5. After the update, when we tested the password reset functionality, the reset links were still emailed to the appropriate addresses, but when the users attempted to use them, they received a 400 Bad Request error. This did not happen prior to the update. Thinking that this might be resolved in 8.x-1.6, we tried to update PRLP to the latest version but the problem still occurred.

A sample URL from PRLP reset is shown below.

https://<ourorg>/user/reset/214/1592942239/izl896rI8kdsx20gs4b8EsFMaheRWd9-MBc44BCS_vI

🐛 Bug report

Status

Closed: cannot reproduce

Version

1.0

Component

Code

Created by

🇺🇸United States cmillsap

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇺🇸United States colle901
Use %user as the token instead of %uid.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024