Reset password - Could not reset password because the token is invalid

sysnet · July 3, 2019, 7:51am

Hello,
if I click on the reset password link (in the e-mail) I have this message:
Could not reset password because the token is invalid

If I create a new user and redo the reset password procedure, in this case work.
The problem is on “old” users.
Any help?
Thanks.

Steps to reproduce

Expected behaviour

Tell us what should happen

Actual behaviour

Tell us what happens instead

Server configuration

Operating system:

Web server:

Database:

PHP version:

ownCloud version: (see ownCloud admin page)

Updated from an older ownCloud or fresh install:

Where did you install ownCloud from:

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

eneubauer · July 3, 2019, 9:15am

Hi,
Can you send some more information about the server, like for example PHP version and ownCloud version? The form is there to be filled out, that the people here, who would like to help you in their free time, have all the necessary information straight away and are therefore able to help you faster.

Regarding your specific problem, just making sure I understand correctly: are you sending new tokens and they are immediately showing the error message?
Because I think the password reset link tokens expire after 12 hours and this time is hardcoded (I hope I remember that right, otherwise somebody please correct me). So in that case the error message would be expected behavior.

Thanks,
Erik

sysnet · July 3, 2019, 1:49pm

Hi Erik,

the versions are:

root@owncloud ~# php --version

PHP 5.6.40-0+deb8u4 (cli) (built: Jun 3 2019 09:30:09)

and owncloud 10.0.10.

Regarding the problem:

At login I insert a wrong password and click on link to reset password. Immediately click on link received in the e-mail and the system show the error.

I tried to create a new user and if I redo the reset procedure, in this case the system works.

The problem occurs with all “old” users.

Thanks,

Paolo

eneubauer · July 4, 2019, 3:33pm

Hi Paolo,
Can you have a look in the owncloud.log and the apache error.log file and paste the error messages regarding the expired token here.
As your ownCloud version is a little older I’ve had a quick look on Github whether I could find related bugs, but was unsuccessful for now (doesn’t mean there isn’t one, just that I didn’t find one). Perhaps you could also have a look: https://github.com/owncloud/core/issues/
I think additionally you could have a look into the oc_authtoken which might be the corresponding database table for the generated tokens, after you’ve created a password reset email in the web interface.
I’m also not sure whether the ownCloud version you’re using actually still supports your PHP version, as 5.6 is quite old now as well…
Cheers,
Erik

tom42 · July 4, 2019, 5:17pm

Hey @sysnet, @eneubauer,

i just have found the following changelog entry of the recently announced ownCloud Server 10.2.1 Released :

Incorrectly sent password reset tokens #32889 #35607

sysnet · July 5, 2019, 12:33pm

Hi Erik,

this morning while I was doing the password reset procedure, to recreate the log file, the system started working again.

I also asked a colleague to try again and he confirmed that he works too.

I don’t know why, but if I find out what happened, I’ll let you know.

Thanks for the support.

Paolo