Reset password goes to wrong destination

Created on 5 February 2022, over 3 years ago
Updated 7 April 2024, about 1 year ago

problem motivation

The password reset/forgot password one-time link goes to the wrong destination when clicked from Gmail. However, when the link is copied and pasted into a browser tab, it goes to the right location.

Example:

one-time password link: https://myproject/user/reset/4/1643930438/iirHPI_7nRpDk6wMT0mPuHPQvLBAb6...
Upon clicking this link, the control goes to https://myproject/user/login?destination=user/reset/4 and this is the user login page.
But the control should go to https://myproject/user/reset/4
This is happening only when we click the link. It does not happen when the link is copy-pasted in the browser. Is there a way to fix this problem? Some kind of redirect???

Steps to Reproduce:

1. Log out of your site
2. Hit reset password/Forgot password link and enter your username
3. You will receive a one-time login link to your email
4. Click on the link and it will go to /user/login?destination=user/reset/4 but it should go to /user/reset/4
5. This bug is clearly visible from Gmail. It does not happen in Outlook.

💬 Support request
Status

Postponed: needs info

Version

3.1

Component

User interface

Created by

🇫🇮Finland s_andy


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇺🇸United States Kristen Pol Santa Cruz, CA, USA

    Thanks for the issue. Sounds like this may be a mail provider issue rather than a module issue given it works in Outlook.

    As 8.x is no longer supported, I'm postponing this issue for now and need feedback as to whether or not this issue is relevant to 4.0.x.

    If it is, please reopen and change the version and make sure the issue summary is clear and complete, including concrete steps to reproduce. If it's not, please close.

    If there is no response to this in a month addressing the above, it can be closed.

  • 🇮🇹Italy skrudge

    I found a possible problem. In Drupal 10 the Password Reset Link is generated as:

    http://default/user/login

    because:
    Line 427 -> $link = Url::fromRoute('user.login', [], ['absolute' => TRUE])->toString();
    generates the link as default.

    If you change to:
    $base_url = \Drupal::request()->getSchemeAndHttpHost();
    $link = $base_url . Url::fromRoute('user.login', [], ['absolute' => FALSE])->toString();

    the link is correct
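
The change in the comment above builds the link from the scheme and host of the current request, and that host is taken from the client's Host header. The following is an added example, not part of the thread or of the module's code: a plain-PHP sketch that checks the request host against an allowlist in the style of Drupal's `trusted_host_patterns` setting before it goes into a mailed link. `mail_link_base()`, `login_link()`, the patterns and the sample hosts are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed allowlist, written as regexes in the style of Drupal's
// $settings['trusted_host_patterns']; "myproject" is the page's placeholder host.
const TRUSTED_HOST_PATTERNS = ['^myproject$', '^www\.myproject$'];

/**
 * Returns scheme://host for a mail link, or NULL when the request host is
 * not on the allowlist. Hypothetical helper, not a Drupal API.
 */
function mail_link_base(string $scheme, string $hostHeader, array $patterns): ?string {
  // Drop an optional port and normalise case before matching. A site on a
  // non-standard port would need to re-append its known port here.
  $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
  // Accept plain hostnames only: no "/", "@", whitespace or control characters.
  if ($host === '' || !preg_match('/^[a-z0-9.-]+$/', $host)) {
    return NULL;
  }
  if (!in_array($scheme, ['http', 'https'], TRUE)) {
    return NULL;
  }
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host)) {
      return $scheme . '://' . $host;
    }
  }
  return NULL;
}

/**
 * Builds the login link for the mail body, falling back to a configured
 * base URL when the request host is missing or not trusted.
 */
function login_link(string $scheme, string $hostHeader, string $configuredBase): string {
  $base = mail_link_base($scheme, $hostHeader, TRUSTED_HOST_PATTERNS) ?? $configuredBase;
  return rtrim($base, '/') . '/user/login';
}

// Constructed sample Host header values, including the "default" host
// reported in the comment above.
$samples = ['myproject', 'MYPROJECT:443', 'default', 'evil.example', 'myproject@evil.example'];
foreach ($samples as $h) {
  printf("%-24s => %s\n", $h, login_link('https', $h, 'https://myproject'));
}
```

Every sample that is not an allowlisted host, including `default`, falls back to the configured base URL, so the mailed link never carries a host that came only from the request.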
