I have a new 1.10.1 installation. I had an issue whereby Agents testing the system forgot their passwords then we unable to reset ("Unable to reset password. Contact your administrator"). The logs showed they had logged in when I setup the accounts but not again.

I think what happened is when they got the initial link to set the password, instead of clicking "Save/Update" they clicked "Reset" (which I believe is to clear the form, perhaps "Clear" would be better terminology to use here to avoid confusion since you are "Resetting your password").

This resulted in a password never being set so the scp/pwreset.php class then rejects the subsequent password reset requested since no password exists.

I changed the code to:

case 'sendmail':
if (($staff=Staff::lookup($_POST['userid']))) {
// KK 09/05/2019
/**if (!$staff->hasPassword()) {
$msg = __('Unable to reset password. Contact your administrator');
}
elseif (!$staff->sendResetEmail()) {
$tpl = 'pwreset.sent.php';
}*/
if (!$staff->sendResetEmail()) {
$tpl = 'pwreset.sent.php';
}
}

I am not sure the need for checking if the staff member has a password already when resetting? Regardless, I saw a number of posts with users having this kind of issue, pretty sure they have having the same issue.

    kk_rsa I have a new 1.10.1 installation.

    As a side note there is nothing new about 1.10.1. It was released in 2017. You should be running 1.10.6 or the current stable 1.12.

        ntozier I mean new, as in, it has been newly installed not that it is the most current/latest version.

        So are you saying this issue has been resolved in the latest version?

            kk_rsa So are you saying this issue has been resolved in the latest version?

            Most likely, a lot has changed in 2 years of releases.

            • agco replied to this.
                a year later

                You would like to think that "a lot has changed in 2 years of releases" (we are in v1.14.1), but not this error in the logic.
                The OPs suggestion works perfectly. osTicket needs to add this to the list of things to fix.

                @agco

                I will have to discuss this with the team internally. However, the problem is upon creating the Agent account someone failed to input a password or the Agent never finished setting up their account. So instead of the Agent trying to "reset a password" when they don't even have a password set, the Admin should go to the Agent account and set a temporary password. Like I said, I will discuss this with the team internally to see if we should look at changing this.

                Cheers.

                @agco

                We have discussed this internally and we shouldn't use Password Reset if no password has been set. Instead, we will implement a check where if someone requests a password reset and they don't have already have one set it will resend the activation email where the Agent can go in and finish setting up the account (ie. set a password).

                @kk_rsa also had an interesting comment of maybe the agent clicked Reset and that's why the password wasn't saved. I will need to do some testing on this to confirm this is not the case as an Agent shouldn't be able to do anything in the system until they finish setting up their account and authenticate with their password.

                Cheers.

                Fine, thank you. I suggest at least the message to the user is made clearer. Currently the only way to see the cause for the error is to look at the code.

                Sorry to keep adding to this thread, but in case anyone else finds it, in v1.14.2 this has changed.
                Instead of testing for $staff->hasPassword(), it testes for $acct->isPasswdResetEnabled()

                @KevinTheJedi The dialogs in the set password need to be made much more user-friendly. The password fields are not shown until you unselect "send password reset email". That should be radio button, so the existing options are more evident.

                @agco well if you just want to send the password reset email ... it should send them a password reset email and you do not have to enter a password for them. If you want to set a password for them you would uncheck that and then it prompts you for the password. Being as I always set passwords for my agents and then make them change it at first logon I've never seen a problem with his this is displayed. /shrug.

                @agco

                Well, we are doing a full UI/UX overhaul with version 2.0, so please stay tuned. We do not have a set develop/release date.

                Cheers.

                7 days later
                Write a Reply...