I have a user who cannot change their password after requesting a password reset via the forgot password button.
The user gets the email, presses the link, and it takes them to a URL something like this (Please use the following link to reset your password: https://insdevcloud.icednetworks.info/index.php/lostpassword/reset/form/uu6V6jiqfQub77mESYihA/testuser)
The user types in his new password but nothing happens; it just keeps repeating the cycle and remains on the same page.
Steps to reproduce
Don't know if this can be reproduced, but here goes.
- try to log in using a wrong password.
- the forgot password link should then appear ("forgot your password" reset it!)
- user receives an email with the URL link to press
- click the URL, which takes you to the password reset page
- user enters the new password and presses the "Reset Password" button, but nothing happens.
System does not reset the password and remains on this page.
I am NOT USING LDAP, this is all internal OC users.
Expected behaviour
Once the new password has been entered, the password should be updated (provided it meets the password policy standards; in this case it did).
Take the user to the login screen so they can log in.
Actual behaviour
Nothing happens; it remains on the reset password page and does not reset the password.
Server configuration
Operating system:
Ubuntu 18.04 LTS
Web server:
Apache 2
Database:
MySQL
PHP version:
PHP 7.3.18-1
ownCloud version: (see ownCloud admin page)
10.4.1.3
Updated from an older ownCloud or fresh install:
upgrade from 10.0.1
Where did you install ownCloud from:
from tar file owncloud-10.4.1.tar.bz2
Signing status (ownCloud 9.0 and above):
No errors have been found.
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and put the link here.
The content of config/config.php:
sudo -u www-data php occ config:list system
{
  "system": {
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
      "insdevcloud.icednetworks.info",
      "insdevcloud.icednetworks.net",
      "insdevcloud.icednetworks.com",
      "insdevdevcloud.icednetworks.com.au",
      "insdevcloud",
      "x.x.x.193"
    ],
    "datadirectory": "/oc/data",
    "overwrite.cli.url": "http://localhost",
    "dbtype": "mysql",
    "version": "10.4.1.3",
    "dbname": "oc",
    "dbhost": "localhost",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "logtimezone": "Australia/Melbourne",
    "apps_paths": [
      {
        "path": "/var/www/owncloud/apps",
        "url": "/apps",
        "writable": false
      },
      {
        "path": "/var/www/owncloud/apps-external",
        "url": "/apps-external",
        "writable": true
      },
      {
        "path": "/var/www/owncloud/insapps",
        "url": "/insapps",
        "writable": true
      }
    ],
    "installed": true,
    "maintenance": false,
    "log_rotate_size": 10485760,
    "enable_avatars": true,
    "allow_user_to_change_display_name": true,
    "theme": "",
    "mail_smtpmode": "smtp",
    "mail_from_address": "REMOVED SENSITIVE VALUE",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "mail_smtphost": "REMOVED SENSITIVE VALUE",
    "log_type": "owncloud",
    "logfile": "owncloud.log",
    "loglevel": 1,
    "logdateformat": "Y-m-d H:i:s",
    "trashbin_retention_obligation": "disabled",
    "updatechecker": true,
    "files_external_allow_create_new_local": "true",
    "integrity.check.disabled": false,
    "mail_smtpport": "25",
    "integrity.ignore.missing.app.signature": [
      "ins-theme",
      "ins_test"
    ],
    "memcache.local": "\OC\Memcache\Redis",
    "memcache.distributed": "\OC\Memcache\Redis",
    "memcache.locking": "\OC\Memcache\Redis",
    "redis": {
      "host": "localhost",
      "port": 6379
    },
    "token_auth_enforced": true,
    "debug": false,
    "knowledgebaseenabled": true,
    "remember_login_cookie_lifetime": 2592000,
    "instanceid": "ocv11meksi5i"
  }
}
Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.
or
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to diligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.
List of activated apps:
Enabled:
- activity: 2.5.3
- afterlogic: 1.2.2
- announcementcenter: 1.2.1
- bookmarks: 0.10.6
- brute_force_protection: 1.0.1
- calendar: 1.6.4
- camerarawpreviews: 0.6.4
- checksum: 0.3.5
- comments: 0.3.0
- configreport: 0.2.0
- contacts: 1.5.5
- customgroups: 0.6.0
- dav: 0.5.0
- diagnostics: 0.1.4
- external: 1.4.0
- extract: 1.2.4
- federatedfilesharing: 0.5.0
- federation: 0.1.0
- files: 1.5.2
- files_antivirus: 0.15.1
- files_external: 0.7.1
- files_mediaviewer: 1.0.2
- files_pdfviewer: 0.11.1
- files_sharing: 0.12.0
- files_texteditor: 2.3.0
- files_textviewer: 1.0.3
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- firstrunwizard: 1.2.0
- gallery: 16.1.1
- guests: 0.9.0
- impersonate: 0.5.0
- ins-theme: 2.3.1
- market: 0.5.0
- nextbackup: 19.12.1
- notes: 2.0.6
- notifications: 0.5.0
- oauth2: 0.4.3
- onlyoffice: 4.2.1
- passman: 2.1.4
- password_policy: 2.1.2
- provisioning_api: 0.5.0
- qownnotesapi: 19.1.0
- systemtags: 0.3.0
- tasks: 0.9.7
- templateeditor: 0.4.0
- twofactor_totp: 0.6.1
- updatenotification: 0.2.1
- user_external: 0.6.0
Disabled:
- encryption
- theme-example-master
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.
Are you using external storage, if yes which one: local/smb/sftp/…
No internal
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
No
LDAP configuration (delete this part if not used)
None - not using LDAP
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder
Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
Client configuration
Browser:
Chrome/MS Edge/Firefox
Operating system:
Windows 10
Logs
Web server error log
insdevcloud.icednetworks.info-error.log
[Tue Jun 23 06:25:36.112736 2020] [ssl:warn] [pid 25707] AH01909: insdevcloud.icednetworks.info:443:0 server certificate does NOT include an ID which matches the server name
[Tue Jun 23 09:37:27.395024 2020] [php7:warn] [pid 29972] [client 192.168.168.104:54002] PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /usr/share/phpmyadmin/libraries/config/FormDisplay.php on line 660
[Tue Jun 23 18:49:37.252322 2020] [ssl:warn] [pid 2032] AH01909: insdevcloud.icednetworks.info:443:0 server certificate does NOT include an ID which matches the server name
[Tue Jun 23 18:49:37.320405 2020] [ssl:warn] [pid 2038] AH01909: insdevcloud.icednetworks.info:443:0 server certificate does NOT include an ID which matches the server name
Insert your webserver log here
ownCloud log (data/owncloud.log)
Insert your ownCloud log here
root@insdevcloud:/var/www/owncloud# tail -f owncloud.log
{"reqId":"XvHEtFf6KDMsGNlOLkJuDwAAAAk","level":3,"time":"2020-06-23 19:00:36","remoteAddr":"192.168.168.202","user":"--","app":"PHP","method":"GET","url":"/index.php/login","message":"Undefined index: username at /var/www/owncloud/insapps/ins-theme/core/templates/login.php#59"}
{"reqId":"XvHExLW-gv-BZplu2ADMfQAAAAI","level":3,"time":"2020-06-23 19:00:52","remoteAddr":"192.168.168.202","user":"--","app":"PHP","method":"GET","url":"/index.php/login?redirect_url=%252Findex.php%252Fsettings%252Fadmin%253Fsectionid%253Dgeneral","message":"Undefined index: username at /var/www/owncloud/insapps/ins-theme/core/templates/login.php#59"}
{"reqId":"XvHE5@FdQWPB3OXlm4wtTQAAAAc","level":3,"time":"2020-06-23 19:01:28","remoteAddr":"192.168.168.202","user":"--","app":"PHP","method":"GET","url":"/index.php/login","message":"Undefined index: username at /var/www/owncloud/insapps/ins-theme/core/templates/login.php#59"}
{"reqId":"XvHE8RKYjWqkclsONfkKVgAAAAA","level":2,"time":"2020-06-23 19:01:37","remoteAddr":"192.168.168.202","user":"--","app":"core","method":"POST","url":"/index.php/login","message":"Login failed: 'testuser' (Remote IP: '192.168.168.202')"}
{"reqId":"XvHE8RKYjWqkclsONfkKVwAAAAA","level":3,"time":"2020-06-23 19:01:37","remoteAddr":"192.168.168.202","user":"--","app":"PHP","method":"GET","url":"/index.php/login?user=testuser","message":"Undefined index: username at /var/www/owncloud/insapps/ins-theme/core/templates/login.php#59"}
{"reqId":"XvHFLHowV5g0c0aGu2-erwAAAAs","level":3,"time":"2020-06-23 19:02:36","remoteAddr":"192.168.168.202","user":"--","app":"PHP","method":"GET","url":"/index.php/login","message":"Undefined index: username at /var/www/owncloud/insapps/ins-theme/core/templates/login.php#59"}
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...